Site Navigation

Date:      Thu, 04 Sep 1997 10:02:01 -0400
From:      Costa Morris <costa@cortx.com>
To:        questions@FreeBSD.ORG
Subject:   security check output
Message-ID:  <3.0.2.32.19970904100201.00a41470@cortx.com>

---

next in thread | raw e-mail | index | archive | help

---

i recently received this in a security check output:

setuid diffs:
1,67c1,67
< -r-sr-xr-x  1 root  bin        40960 Apr  1 11:24:58 1997 /bin/chio
< -r-xr-sr-x  1 3     operator   49152 Apr  1 11:25:02 1997 /bin/df
< -r-xr-sr-x  1 3     kmem      167936 Apr  1 11:25:09 1997 /bin/ps
< -r-sr-xr-x  1 root  bin       208896 Apr  1 11:39:47 1997 /bin/rcp
< -r-xr-sr-x  1 3     kmem       94208 Apr  1 11:28:39 1997 /sbin/ccdconfig
< -r-xr-sr-x  1 3     kmem      106496 Apr  1 11:28:41 1997 /sbin/dmesg
< -r-xr-sr-x  2 root  tty       196608 Apr  1 11:28:42 1997 /sbin/dump
< -r-sr-xr-x  1 root  bin       139264 Apr  1 11:29:12 1997 /sbin/mount_msdos
< -r-sr-xr-x  1 root  bin       126976 Apr  1 11:28:58 1997 /sbin/ping
< -r-xr-sr-x  2 root  tty       196608 Apr  1 11:28:42 1997 /sbin/rdump
< -r-xr-sr-x  2 root  tty       212992 Apr  1 11:29:00 1997 /sbin/restore
< -r-sr-xr-x  1 root  bin       135168 Apr  1 11:29:01 1997 /sbin/route
< -r-xr-sr-x  2 root  tty       212992 Apr  1 11:29:00 1997 /sbin/rrestore
< -r-sr-x---  1 root  operator  135168 Apr  1 11:29:04 1997 /sbin/shutdown
< -r-sr-xr-x  4 root  bin    20480 Apr  1 11:30:41 1997 /usr/bin/at
< -r-sr-xr-x  4 root  bin    20480 Apr  1 11:30:41 1997 /usr/bin/atq
< -r-sr-xr-x  4 root  bin    20480 Apr  1 11:30:41 1997 /usr/bin/atrm
< -r-sr-xr-x  4 root  bin    20480 Apr  1 11:30:41 1997 /usr/bin/batch
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/chfn
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/chpass
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/chsh
< -r-sr-xr-x  1 root  bin      24576 Apr  1 11:32:37 1997 /usr/bin/crontab
< -r-sr-sr-x  1 66    68        110592 Apr  1 11:26:18 1997 /usr/bin/cu
< -r-xr-sr-x  1 3     kmem   16384 Apr  1 11:31:08 1997 /usr/bin/fstat
< -r-sr-sr-x  5 root  kmem    286720 Jul 18 16:41:08 1997 /usr/bin/hoststat
< -r-xr-sr-x  1 3     kmem   16384 Apr  1 11:31:14 1997 /usr/bin/ipcs
< -r-sr-xr-x  1 root  bin      485 Apr  1 11:31:16 1997 /usr/bin/keyinfo
< -r-sr-xr-x  1 root  bin    12288 Apr  1 11:31:16 1997 /usr/bin/keyinit
< -r-sr-xr-x  1 root  bin    12288 Apr  1 11:31:26 1997 /usr/bin/lock
< -r-sr-xr-x  1 root  bin    24576 Apr  1 11:40:02 1997 /usr/bin/login
< -r-sr-sr-x  1 root  daemon   20480 Apr  1 11:32:44 1997 /usr/bin/lpq
< -r-sr-sr-x  1 root  daemon   20480 Apr  1 11:32:45 1997 /usr/bin/lpr
< -r-sr-sr-x  1 root  daemon   20480 Apr  1 11:32:45 1997 /usr/bin/lprm
< -r-sr-sr-x  5 root  kmem    286720 Jul 18 16:41:08 1997 /usr/bin/mailq
< -r-sr-xr-x  1 9     bin        28672 Apr  1 11:27:41 1997 /usr/bin/man
< -r-xr-sr-x  1 3     kmem   49152 Apr  1 11:31:36 1997 /usr/bin/netstat
< -r-sr-sr-x  5 root  kmem    286720 Jul 18 16:41:08 1997 /usr/bin/newaliases
< -r-xr-sr-x  1 3     kmem   12288 Apr  1 11:31:36 1997 /usr/bin/nfsstat
< -r-sr-xr-x  2 root  bin      32768 Apr  1 11:40:16 1997 /usr/bin/passwd
< -r-sr-sr-x  5 root  kmem    286720 Jul 18 16:41:08 1997 /usr/bin/purgestat
< -r-sr-xr-x  1 root  bin      16384 Apr  1 11:31:40 1997 /usr/bin/quota
< -r-sr-xr-x  1 root  bin      12288 Apr  1 11:39:33 1997 /usr/bin/register
< -r-sr-xr-x  1 root  bin      20480 Apr  1 11:40:20 1997 /usr/bin/rlogin
< -r-sr-xr-x  1 root  bin      16384 Apr  1 11:40:24 1997 /usr/bin/rsh
< ---s--x--x  2 root  bin   282624 Apr  1 11:27:49 1997 /usr/bin/sperl4.036
< -r-sr-xr-x  1 root  bin      16384 Apr  1 11:40:26 1997 /usr/bin/su
< ---s--x--x  2 root  bin   282624 Apr  1 11:27:49 1997 /usr/bin/suidperl
< -r-xr-sr-x  1 3     kmem     40960 Apr  1 11:32:28 1997 /usr/bin/systat
< -r-xr-sr-x  2 3     kmem     16384 Apr  1 11:32:12 1997 /usr/bin/uptime
< -r-sr-xr-x  1 66    bin        77824 Apr  1 11:26:21 1997 /usr/bin/uucp
< -r-sr-xr-x  1 66    bin        36864 Apr  1 11:26:21 1997 /usr/bin/uuname
< -r-sr-sr-x  1 66    68         86016 Apr  1 11:26:23 1997 /usr/bin/uustat
< -r-sr-xr-x  1 66    bin        77824 Apr  1 11:26:24 1997 /usr/bin/uux
< -r-xr-sr-x  1 3     kmem     20480 Apr  1 11:32:29 1997 /usr/bin/vmstat
< -r-xr-sr-x  2 3     kmem     16384 Apr  1 11:32:12 1997 /usr/bin/w
< -r-xr-sr-x  1 3     tty      12288 Apr  1 11:32:13 1997 /usr/bin/wall
< -r-xr-sr-x  1 3     tty      12288 Apr  1 11:32:16 1997 /usr/bin/write
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/ypchfn
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/ypchpass
< -r-sr-xr-x  6 root  bin    36864 Apr  1 11:30:53 1997 /usr/bin/ypchsh
< -r-sr-xr-x  2 root  bin      32768 Apr  1 11:40:16 1997 /usr/bin/yppasswd
< -r-sr-xr-x  1 root  bin      12288 Apr  1 11:28:24 1997
/usr/libexec/mail.local
< -r-sr-sr-x  1 66    68      196608 Apr  1 11:26:20 1997
/usr/libexec/uucp/uucico
< -r-sr-x---  1 66    uucp     90112 Apr  1 11:26:24 1997
/usr/libexec/uucp/uuxqt
< -rwsr-xr-x  1 root  bin     172032 Mar 13 14:05:16 1997
/usr/local/bin/screen-3.7.2
< ---s--x--x  2 root  bin     417792 Mar 13 08:17:32 1997
/usr/local/bin/sperl5.003
< ---s--x--x  2 root  bin     417792 Mar 13 08:17:32 1997
/usr/local/bin/suidperl
---
> -r-sr-xr-x  1 root  bin        40960 Apr  1 06:24:58 1997 /bin/chio
> -r-xr-sr-x  1 bin   operator   49152 Apr  1 06:25:02 1997 /bin/df
> -r-xr-sr-x  1 bin   kmem      167936 Apr  1 06:25:09 1997 /bin/ps
> -r-sr-xr-x  1 root  bin       208896 Apr  1 06:39:47 1997 /bin/rcp
> -r-xr-sr-x  1 bin   kmem       94208 Apr  1 06:28:39 1997 /sbin/ccdconfig
> -r-xr-sr-x  1 bin   kmem      106496 Apr  1 06:28:41 1997 /sbin/dmesg
> -r-xr-sr-x  2 root  tty       196608 Apr  1 06:28:42 1997 /sbin/dump
> -r-sr-xr-x  1 root  bin       139264 Apr  1 06:29:12 1997 /sbin/mount_msdos
> -r-sr-xr-x  1 root  bin       126976 Apr  1 06:28:58 1997 /sbin/ping
> -r-xr-sr-x  2 root  tty       196608 Apr  1 06:28:42 1997 /sbin/rdump
> -r-xr-sr-x  2 root  tty       212992 Apr  1 06:29:00 1997 /sbin/restore
> -r-sr-xr-x  1 root  bin       135168 Apr  1 06:29:01 1997 /sbin/route
> -r-xr-sr-x  2 root  tty       212992 Apr  1 06:29:00 1997 /sbin/rrestore
> -r-sr-x---  1 root  operator  135168 Apr  1 06:29:04 1997 /sbin/shutdown
> -r-sr-xr-x  4 root  bin    20480 Apr  1 06:30:41 1997 /usr/bin/at
> -r-sr-xr-x  4 root  bin    20480 Apr  1 06:30:41 1997 /usr/bin/atq
> -r-sr-xr-x  4 root  bin    20480 Apr  1 06:30:41 1997 /usr/bin/atrm
> -r-sr-xr-x  4 root  bin    20480 Apr  1 06:30:41 1997 /usr/bin/batch
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/chfn
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/chpass
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/chsh
> -r-sr-xr-x  1 root  bin      24576 Apr  1 06:32:37 1997 /usr/bin/crontab
> -r-sr-sr-x  1 uucp  68        110592 Apr  1 06:26:18 1997 /usr/bin/cu
> -r-xr-sr-x  1 bin   kmem   16384 Apr  1 06:31:08 1997 /usr/bin/fstat
> -r-sr-sr-x  5 root  kmem    286720 Jul 18 12:41:08 1997 /usr/bin/hoststat
> -r-xr-sr-x  1 bin   kmem   16384 Apr  1 06:31:14 1997 /usr/bin/ipcs
> -r-sr-xr-x  1 root  bin      485 Apr  1 06:31:16 1997 /usr/bin/keyinfo
> -r-sr-xr-x  1 root  bin    12288 Apr  1 06:31:16 1997 /usr/bin/keyinit
> -r-sr-xr-x  1 root  bin    12288 Apr  1 06:31:26 1997 /usr/bin/lock
> -r-sr-xr-x  1 root  bin    24576 Apr  1 06:40:02 1997 /usr/bin/login
> -r-sr-sr-x  1 root  daemon   20480 Apr  1 06:32:44 1997 /usr/bin/lpq
> -r-sr-sr-x  1 root  daemon   20480 Apr  1 06:32:45 1997 /usr/bin/lpr
> -r-sr-sr-x  1 root  daemon   20480 Apr  1 06:32:45 1997 /usr/bin/lprm
> -r-sr-sr-x  5 root  kmem    286720 Jul 18 12:41:08 1997 /usr/bin/mailq
> -r-sr-xr-x  1 man   bin        28672 Apr  1 06:27:41 1997 /usr/bin/man
> -r-xr-sr-x  1 bin   kmem   49152 Apr  1 06:31:36 1997 /usr/bin/netstat
> -r-sr-sr-x  5 root  kmem    286720 Jul 18 12:41:08 1997 /usr/bin/newaliases
> -r-xr-sr-x  1 bin   kmem   12288 Apr  1 06:31:36 1997 /usr/bin/nfsstat
> -r-sr-xr-x  2 root  bin      32768 Apr  1 06:40:16 1997 /usr/bin/passwd
> -r-sr-sr-x  5 root  kmem    286720 Jul 18 12:41:08 1997 /usr/bin/purgestat
> -r-sr-xr-x  1 root  bin      16384 Apr  1 06:31:40 1997 /usr/bin/quota
> -r-sr-xr-x  1 root  bin      12288 Apr  1 06:39:33 1997 /usr/bin/register
> -r-sr-xr-x  1 root  bin      20480 Apr  1 06:40:20 1997 /usr/bin/rlogin
> -r-sr-xr-x  1 root  bin      16384 Apr  1 06:40:24 1997 /usr/bin/rsh
> ---s--x--x  2 root  bin   282624 Apr  1 06:27:49 1997 /usr/bin/sperl4.036
> -r-sr-xr-x  1 root  bin      16384 Apr  1 06:40:26 1997 /usr/bin/su
> ---s--x--x  2 root  bin   282624 Apr  1 06:27:49 1997 /usr/bin/suidperl
> -r-xr-sr-x  1 bin   kmem     40960 Apr  1 06:32:28 1997 /usr/bin/systat
> -r-xr-sr-x  2 bin   kmem     16384 Apr  1 06:32:12 1997 /usr/bin/uptime
> -r-sr-xr-x  1 uucp  bin        77824 Apr  1 06:26:21 1997 /usr/bin/uucp
> -r-sr-xr-x  1 uucp  bin        36864 Apr  1 06:26:21 1997 /usr/bin/uuname
> -r-sr-sr-x  1 uucp  68         86016 Apr  1 06:26:23 1997 /usr/bin/uustat
> -r-sr-xr-x  1 uucp  bin        77824 Apr  1 06:26:24 1997 /usr/bin/uux
> -r-xr-sr-x  1 bin   kmem     20480 Apr  1 06:32:29 1997 /usr/bin/vmstat
> -r-xr-sr-x  2 bin   kmem     16384 Apr  1 06:32:12 1997 /usr/bin/w
> -r-xr-sr-x  1 bin   tty      12288 Apr  1 06:32:13 1997 /usr/bin/wall
> -r-xr-sr-x  1 bin   tty      12288 Apr  1 06:32:16 1997 /usr/bin/write
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/ypchfn
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/ypchpass
> -r-sr-xr-x  6 root  bin    36864 Apr  1 06:30:53 1997 /usr/bin/ypchsh
> -r-sr-xr-x  2 root  bin      32768 Apr  1 06:40:16 1997 /usr/bin/yppasswd
> -r-sr-xr-x  1 root  bin      12288 Apr  1 06:28:24 1997
/usr/libexec/mail.local
> -r-sr-sr-x  1 uucp  68      196608 Apr  1 06:26:20 1997
/usr/libexec/uucp/uucico
> -r-sr-x---  1 uucp  uucp     90112 Apr  1 06:26:24 1997
/usr/libexec/uucp/uuxqt
> -rwsr-xr-x  1 root  bin     172032 Mar 13 09:05:16 1997
/usr/local/bin/screen-3.7.2
> ---s--x--x  2 root  bin     417792 Mar 13 03:17:32 1997
/usr/local/bin/sperl5.003
> ---s--x--x  2 root  bin     417792 Mar 13 03:17:32 1997
/usr/local/bin/suidperl
69,71c69,71
< -r-xr-sr-x  1 3     daemon   28672 Apr  1 11:32:43 1997 /usr/sbin/lpc
< -r-sr-xr-x  1 root  bin      20480 Apr  1 11:32:48 1997 /usr/sbin/mrinfo
< -r-sr-xr-x  1 root  bin      32768 Apr  1 11:32:49 1997 /usr/sbin/mtrace
---
> -r-xr-sr-x  1 bin   daemon   28672 Apr  1 06:32:43 1997 /usr/sbin/lpc
> -r-sr-xr-x  1 root  bin      20480 Apr  1 06:32:48 1997 /usr/sbin/mrinfo
> -r-sr-xr-x  1 root  bin      32768 Apr  1 06:32:49 1997 /usr/sbin/mtrace
73,82c73,82
< -r-sr-xr-x  1 root  bin     106496 Apr  1 11:33:08 1997 /usr/sbin/ppp
< -r-sr-xr-x  1 root  bin      77824 Apr  1 11:33:09 1997 /usr/sbin/pppd
< -r-xr-sr-x  2 3     kmem     20480 Apr  1 11:33:10 1997 /usr/sbin/pstat
< -r-sr-xr-x  1 root  bin     274432 Apr  1 11:34:21 1997 /usr/sbin/purgestat
< -r-sr-sr-x  5 root  kmem    286720 Jul 18 16:41:08 1997 /usr/sbin/sendmail
< -r-sr-xr-x  1 root  bin      16384 Apr  1 11:33:20 1997 /usr/sbin/sliplogin
< -r-xr-sr-x  2 3     kmem     20480 Apr  1 11:33:10 1997 /usr/sbin/swapinfo
< -r-sr-xr-x  1 root  bin      20480 Apr  1 11:33:25 1997 /usr/sbin/timedc
< -r-sr-xr-x  1 root  bin      16384 Apr  1 11:33:30 1997 /usr/sbin/traceroute
< -r-xr-sr-x  1 3     kmem     12288 Apr  1 11:33:30 1997 /usr/sbin/trpt
---
> -r-sr-xr-x  1 root  bin     106496 Apr  1 06:33:08 1997 /usr/sbin/ppp
> -r-sr-xr-x  1 root  bin      77824 Apr  1 06:33:09 1997 /usr/sbin/pppd
> -r-xr-sr-x  2 bin   kmem     20480 Apr  1 06:33:10 1997 /usr/sbin/pstat
> -r-sr-xr-x  1 root  bin     274432 Apr  1 06:34:21 1997 /usr/sbin/purgestat
> -r-sr-sr-x  5 root  kmem    286720 Jul 18 12:41:08 1997 /usr/sbin/sendmail
> -r-sr-xr-x  1 root  bin      16384 Apr  1 06:33:20 1997 /usr/sbin/sliplogin
> -r-xr-sr-x  2 bin   kmem     20480 Apr  1 06:33:10 1997 /usr/sbin/swapinfo
> -r-sr-xr-x  1 root  bin      20480 Apr  1 06:33:25 1997 /usr/sbin/timedc
> -r-sr-xr-x  1 root  bin      16384 Apr  1 06:33:30 1997 /usr/sbin/traceroute
> -r-xr-sr-x  1 bin   kmem     12288 Apr  1 06:33:30 1997 /usr/sbin/trpt


checking for uids of 0:
root 0
toor 0


can someone explain to me what happened?  was my system compromised? 

i'm not sure if this is related or not but i am receiving messges like this:
> pid 17280 (mail), uid 1125 on /: file system full
> pid 17288 (mail), uid 1125 on /: file system full
> pid 17288 (mail), uid 1125 on /: file system full
> pid 19871 (radiusd), uid 0: exited on signal 11 (core dumped)
> pid 19913 (radiusd), uid 0: exited on signal 11 (core dumped)

please advise.

thanks in advance!
-costa

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.2.32.19970904100201.00a41470>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact