Security Run Output Setuid Differences
Roland Smith
rsmith at xs4all.nl
Wed Jun 6 17:44:33 UTC 2007
On Tue, Jun 05, 2007 at 04:11:24PM -0700, Peter Pluta wrote:
> mail.***********.net setuid diffs:
> --- /var/log/setuid.today Mon May 21 03:02:30 2007
> +++ /tmp/security.wq6BsVcr Sun Jun 3 03:01:48 2007
> @@ -20,7 +20,7 @@
> 377398 -r-sr-xr-x 2 root wheel 5828 Jul 30 16:19:57 2006
> /usr/bin/yppasswd
> 71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007
> /usr/local/bin/screen
> 70971 -rwxr-sr-x 1 root kmem 112708 May 20 18:23:03 2007
> /usr/local/sbin/lsof
> -73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007
> /usr/local/sbin/postdrop
> -73204 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007
> /usr/local/sbin/postqueue
> +71432 -rwxr-sr-x 1 root maildrop 142559 Jun 2 15:47:54 2007
> /usr/local/sbin/postdrop
> +71433 -rwxr-sr-x 1 root maildrop 152477 Jun 2 15:47:54 2007
> /usr/local/sbin/postqueue
> 923168 -rwxr-sr-x 1 root smmsp 5236 Jul 30 16:20:07 2006
> /usr/sbin/mailwrapper
> 923264 -r-sr-x--- 1 root network 11636 Jul 30 16:20:07 2006
> /usr/sbin/sliplogin
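Review bot: the only changed entries in this hunk are /usr/local/sbin/postdrop and /usr/local/sbin/postqueue, and between each removed and added line only the first column (73170 to 71432, 73204 to 71433) and the timestamp (May 17 14:41:47 to Jun 2 15:47:54) differ; mode -rwxr-sr-x, owner root, group maildrop and the sizes 142559 and 152477 are the same. In this listing the first column is the inode number, so the files were replaced on Jun 2 with copies of equal size and unchanged permissions; it is worth confirming that this matches a known reinstall or upgrade of the package that owns them before accepting the new baseline.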
>
> I have some more, I'm starting to understand it a bit better. Basically the
> user:group id number has changed and the security run is letting me know.
> Good deal, but I'm still confused as to what the @@ -20,7 + 20,7 @@ and + -
> mean. Can anyone explain those? I'm curious, also why would yppasswd change
> to userid 2? I changed root's name yesterday, could that be the cause of it?
Those are a normal part of the output of the diff(1) program that generates
this.
Basically, the script /etc/periodic/security/100.chksetuid makes a list
of all setuid or setgid binaries. This list is compared with the
previous list by the diff(1) program, which shows the differences.
If you have a text file lying around, make a copy of it and change a
couple of lines in the copy. Then do 'diff -u originalfile newfile' and
you'll see how it works.
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
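
The following Python example is added here and is not part of the original thread or of FreeBSD's periodic scripts. It parses the unified diff from the security run, decodes the `@@ -20,7 +20,7 @@` header and reports which columns changed for each path. The sample input is the quoted hunk with its wrapped entries rejoined; the function names and the column names (inode, mode, links, owner, group, size, mtime, path) are assumptions of this example.

```python
import re
# Constructed sample: the hunk quoted in the message, wrapped entries rejoined.
SAMPLE = """\
--- /var/log/setuid.today Mon May 21 03:02:30 2007
+++ /tmp/security.wq6BsVcr Sun Jun 3 03:01:48 2007
@@ -20,7 +20,7 @@
 377398 -r-sr-xr-x 2 root wheel 5828 Jul 30 16:19:57 2006 /usr/bin/yppasswd
 71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007 /usr/local/bin/screen
 70971 -rwxr-sr-x 1 root kmem 112708 May 20 18:23:03 2007 /usr/local/sbin/lsof
-73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 /usr/local/sbin/postdrop
-73204 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007 /usr/local/sbin/postqueue
+71432 -rwxr-sr-x 1 root maildrop 142559 Jun 2 15:47:54 2007 /usr/local/sbin/postdrop
+71433 -rwxr-sr-x 1 root maildrop 152477 Jun 2 15:47:54 2007 /usr/local/sbin/postqueue
 923168 -rwxr-sr-x 1 root smmsp 5236 Jul 30 16:20:07 2006 /usr/sbin/mailwrapper
 923264 -r-sr-x--- 1 root network 11636 Jul 30 16:20:07 2006 /usr/sbin/sliplogin
"""

# Column names are this example's reading of the listing layout (assumption).
FIELDS = ("inode", "mode", "links", "owner", "group", "size", "mtime", "path")
HUNK = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def parse_entry(text):
    """Split one listing line into named fields; the timestamp spans four tokens."""
    t = text.split()
    return dict(zip(FIELDS, t[:6] + [" ".join(t[6:10]), " ".join(t[10:])]))

def triage(diff_text):
    """Return (hunks, changes) for a single unified diff of two listings."""
    hunks, old, new = [], {}, {}
    for line in diff_text.splitlines():
        m = HUNK.match(line)
        if m:  # "@@ -a,b +c,d @@": b lines from old line a, d lines from new line c
            hunks.append(tuple(int(g or 1) for g in m.groups()))
        elif hunks and line[:1] in ("-", "+"):  # "-" old list only, "+" new list only
            e = parse_entry(line[1:])
            (old if line[0] == "-" else new)[e["path"]] = e
    changes = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            changes[path] = ("added", [])
        elif path not in new:
            changes[path] = ("removed", [])
        else:
            changes[path] = ("changed", [f for f in FIELDS if old[path][f] != new[path][f]])
    return hunks, changes

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An entry reported as changed only in inode and mtime was rewritten in place with the same mode, ownership and size; a change in mode, owner, group or size, or an "added" path, deserves a closer look.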