Fw: lothlorien.nagual.nl security run output
Bill Moran
wmoran at collaborativefusion.com
Sun Aug 27 14:19:03 UTC 2006
dick hoogendijk wrote:
> I'm a little worried after reading the security output this morning.
> It seems some files [ping, ping6, shutdown, at, atq and atrm] have
> setuid diffs. I really don't know why this could have happened.
> I updated some ports yesterday, but I don't think any port writes
> in /sbin (?)
> Could somebody advise me on what can have happened?
>
If you didn't do an installworld or any other upgrade, then something is
wrong.
They could be trojaned as part of a break-in, or you could be
experiencing disk corruption.
> Begin forwarded message [some Xorg update warnings deleted]:
>
> Checking setuid files and devices:
>
> lothlorien.nagual.nl setuid diffs:
> --- /var/log/setuid.today Mon Aug 14 03:03:25 2006
> +++ /tmp/security.aJbHsCR6 Sun Aug 27 03:03:22 2006
> @@ -3,12 +3,12 @@
> 23637 -r-sr-xr-x 1 root wheel 21792 May 12 21:47:15
> 2006 /sbin/ping
> 23638 -r-sr-xr-x 1 root wheel 28660 May 12
> 21:47:15 2006 /sbin/ping6
> 23651 -r-sr-x--- 1 root operator 10148
> May 12 21:47:17 2006 /sbin/shutdown
> 7042059 -r-sr-xr-x 4 root wheel 20948
> May 12 21:48:10 2006 /usr/bin/at
> 7042059 -r-sr-xr-x 4 root
> wheel 20948 May 12 21:48:10 2006 /usr/bin/atq
> 7042059 -r-sr-xr-x 4
> root wheel 20948 May 12 21:48:10 2006 /usr/bin/atrm
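Review bot: none of the entries under the @@ -3,12 +3,12 @@ header carries a leading + or - as forwarded, and each one is wrapped across two lines, so the hunk does not show which attribute (inode, mode, link count, owner, size or timestamp) differs for ping, ping6, shutdown, at, atq and atrm. Re-posting the hunk unwrapped with its markers intact, or the matching lines from /var/log/setuid.today next to the current listing, would make the old and new values visible for each path.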
>
>
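One way to see which attribute of each setuid binary changed, which is the first thing needed to weigh the explanations given in the reply above. This is an added example, not part of the original thread: the sample hunk and its /example/ paths are constructed, and the 11-column entry layout is assumed from the entries quoted above.

```python
# Added example: list the fields that differ between the '-' and '+' entries
# of a "setuid diffs" hunk. The sample input below is constructed.
FIELDS = ("inode", "mode", "links", "owner", "group", "size", "mtime")

def parse_entry(line):
    """Split one listing entry into (path, {field: value})."""
    tok = line.split()
    if len(tok) != 11:  # assumed layout: 6 columns, 4 date tokens, path
        raise ValueError(f"unexpected entry format: {line!r}")
    values = tok[:6] + [" ".join(tok[6:10])]
    return tok[10], dict(zip(FIELDS, values))

def changed_fields(diff_text):
    """Return {path: {field: (old, new)}} for every entry the diff touches."""
    old, new = {}, {}
    for raw in diff_text.splitlines():
        if not raw or raw.startswith(("--- ", "+++ ")) or raw[0] not in "+-":
            continue  # blank lines, file headers, @@ headers, context lines
        path, fields = parse_entry(raw[1:])
        (old if raw[0] == "-" else new)[path] = fields
    report = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report[path] = {"entry": (None, "added")}
        elif path not in new:
            report[path] = {"entry": ("present", None)}
        else:
            report[path] = {f: (old[path][f], new[path][f])
                            for f in FIELDS if old[path][f] != new[path][f]}
    return report

# Constructed sample hunk (not the output from the thread).
SAMPLE = """\
--- /var/log/setuid.today (constructed)
+++ /tmp/security.example (constructed)
@@ -1,3 +1,3 @@
 1001 -r-sr-xr-x 1 root wheel 5000 Jan  1 00:00:00 2006 /example/unchanged
-1002 -r-sr-xr-x 1 root wheel 6000 Jan  1 00:00:00 2006 /example/tool
+1002 -r-sr-xr-x 1 root wheel 6100 Jan  2 03:04:05 2006 /example/tool
-1003 -r-sr-xr-x 1 root wheel 7000 Jan  1 00:00:00 2006 /example/moved
+2003 -r-sr-xr-x 1 root wheel 7000 Jan  1 00:00:00 2006 /example/moved
"""

if __name__ == "__main__":
    for path, diffs in changed_fields(SAMPLE).items():
        for field, (before, after) in diffs.items():
            print(f"{path}: {field} {before} -> {after}")
```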