setuid diffs...
Steve Bertrand
iaccounts at ibctech.ca
Fri Jul 23 07:32:19 PDT 2004
Hi all,
Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk onto
a larger one. Then, using a Promise ATA IDE RAID controller I built a
RAID-1 array.
Everything went as planned, the box is now back up using the 'ar' driver
for the array. However, in the security run output last night, I got this:
Checking setuid files and devices:
pearl.ibctech.ca setuid diffs:
1,73c1,73
< 106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
< 15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
< 15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
and down further:
- > 1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
- > 1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
- > 1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping
Did this happen because the files were transferred from one disk to
another and the system knew it? Or should I be concerned about a possible
'coincidental' invasion?
Tks for any help!
Steve