Date:      Mon, 21 May 2007 22:02:12 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        PeterPluta <peter@placidpublishing.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Security Run Output Setuid Differences
Message-ID:  <20070521200212.GA95817@slackbox.xs4all.nl>
In-Reply-To: <10724835.post@talk.nabble.com>
References:  <10724342.post@talk.nabble.com> <20070521144544.09ec771b.wmoran@potentialtech.com> <10724835.post@talk.nabble.com>



On Mon, May 21, 2007 at 11:59:33AM -0700, PeterPluta wrote:
<snip>
> > Looks like you were portupgrading around with postfix, screen and xterm.
> >
> > The output is diff(1).  See the man page for details, but it's basically
> > showing you the difference between last night's directory listing, and that
> > of the previous day.
> >
> > For more gory details, see the scripts in /etc/periodic/security, which are
> > run every night from cron.  Some of the ports you changed resulted in
> > changes to setuid/setgid programs installed on the system.  As a security-
> > conscious administrator, you should be interested in the programs on your
> > system that have elevated privileges, so this script is provided to give
> > you a daily report on that.
>
> I see, so basically after reinstalling the default uid/gid of some programs
> changed? Is that a problem or anything?

It's not a problem. It's just something that you should be aware of from
a security standpoint.

In this case you caused it because you upgraded some ports, which is OK.

But if the size, date, ownership or permissions of a binary change
without any apparent cause, it _could_ be the work of an intruder or
rootkit trying to backdoor your system. That's why the system checks it.

In /etc/defaults/periodic.conf you see which settings there are
concerning security, and what the defaults are. If you want to disable
some of them, put the settings in /etc/periodic.conf with a "NO" value
instead of "YES". But I would recommend leaving them as they are.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
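As an added illustration of the nightly check discussed in this thread (not code from the message or FreeBSD's own /etc/periodic/security script): snapshot the setuid/setgid binaries, keep the previous day's snapshot, and report the diff(1) between them, so a port upgrade or an unexplained change shows up the next morning. It assumes POSIX sh with find, ls, sort, diff and mktemp; the state directory and the fake "screen" binary are constructed for the demo.

```shell
#!/bin/sh
# Simplified re-creation of the periodic setuid check: list privileged
# binaries, diff against yesterday's list, rotate the list for tomorrow.
# Assumes POSIX sh, find, ls, sort, diff, mktemp; all paths are demo values.

# Sorted listing (mode, owner, group, size, mtime, path) of every
# setuid or setgid regular file below the root given as $1.
setuid_listing() {
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; | sort -k9
}

# Compare today's listing of root $1 with the saved one in state dir $2.
# Prints the diff and returns 1 if anything changed, else 0 (first run: 0).
check_setuid() {
    root=$1 statedir=$2 rc=0
    mkdir -p "$statedir"
    setuid_listing "$root" > "$statedir/setuid.today"
    if [ -f "$statedir/setuid.yesterday" ] &&
       ! diff "$statedir/setuid.yesterday" "$statedir/setuid.today" > "$statedir/setuid.diff"; then
        echo "Checking setuid files and devices: changes since last run"
        cat "$statedir/setuid.diff"
        rc=1
    fi
    # today's listing becomes tomorrow's baseline
    mv "$statedir/setuid.today" "$statedir/setuid.yesterday"
    return $rc
}

# Constructed demo: a fake root with one setuid "screen", then a rebuild
# that changes its size and swaps setuid for setgid. The last line printed
# is "<first> <second>"; "0 1" means only the second run saw a change.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/root/bin"
    printf 'old build' > "$tmp/root/bin/screen"
    chmod 4755 "$tmp/root/bin/screen"
    if check_setuid "$tmp/root" "$tmp/state"; then first=0; else first=1; fi
    # simulate a port upgrade: new contents, setuid bit replaced by setgid
    printf 'rebuilt binary from ports' > "$tmp/root/bin/screen"
    chmod 2755 "$tmp/root/bin/screen"
    if check_setuid "$tmp/root" "$tmp/state"; then second=0; else second=1; fi
    rm -rf "$tmp"
    echo "$first $second"
}

demo
```

The diff lines in the second run show the old and new mode and size side by side, which is exactly the kind of entry the nightly mail contains after a reinstall.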
