Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 30 Apr 2001 10:10:55 -0400 (EDT)
From:      Jon Nathan <jon@rupture.net>
To:        <freebsd-questions@freebsd.org>
Subject:   security check output (fwd)
Message-ID:  <Pine.BSF.4.33.0104301003230.93778-100000@froody.rupture.net>
next in thread | raw e-mail | index | archive | help 
hello,

i hate to follow up my own posts, but i figured out why the below
happened and figured that i would share.

i changed the time zone setting,  which changed the timestamps on all
the files.  i realised this when it occurred on another machine and
the light bulb turned on.  also, all of the files below are exactly 5
hours apart, resulting from me setting the tz from UTC to EST.

-jon

-- 
Jon Nathan
jon@rupture.net
http://www.rupture.net/~jon/


---------- Forwarded message ----------
Date: Sat, 10 Mar 2001 18:58:41 -0500 (EST)
From: Jon Nathan <jon@rupture.net>
To: freebsd-questions@freebsd.org
Subject: security check output (fwd)

hello,

on one of my machines, i got the following daily security output.  the
file permissions haven't really changed, but the numbers in teh first
column did.  i never really noticed them before - what do they mean?

you'll also notice the file:table is full error message.  i chopped
about 1600 of them..  i've since changed the kern.maxfiles setting
with sysctl.  am i correct to assume that the security run's find
command just opens a lot of file handles, and when they're not
available, weird things happen?

-jon

-- 
Jon Nathan
jon@rupture.net
http://www.rupture.net/~jon/


---------- Forwarded message ----------
Date: Fri, 9 Mar 2001 22:01:01 -0500 (EST)
From: Charlie Root <root@w6.chaffee.com>
To: undisclosed-recipients:  ;
Subject: w6.chaffee.com security check output
Resent-Date: Sat, 10 Mar 2001 18:52:49 -0500 (EST)
Resent-From: Jon Nathan <jon@chaffee.com>
Resent-To: jon@rupture.net
Resent-Subject: w6.chaffee.com security check output

Checking setuid files and devices:


w6.chaffee.com setuid diffs:
1,70c1,70
< 23827 -r-xr-sr-x  1 root  operator   56892 Feb 17 16:51:01 2001 /bin/df
< 23838 -r-sr-xr-x  1 root  wheel     242256 Feb 17 16:51:02 2001 /bin/rcp
<   107 -r-xr-sr-x  1 root  kmem       62792 Feb 17 16:51:51 2001 /sbin/ccdconfig
<   113 -r-xr-sr-x  1 root  kmem       69544 Feb 17 16:51:52 2001 /sbin/dmesg
<   303 -r-xr-sr-x  2 root  tty       257516 Feb 17 16:51:52 2001 /sbin/dump
<   149 -r-sr-xr-x  1 root  wheel     195692 Feb 17 16:51:56 2001 /sbin/ping
<   150 -r-sr-xr-x  1 root  bin       190888 Feb 17 16:51:56 2001 /sbin/ping6
<   303 -r-xr-sr-x  2 root  tty       257516 Feb 17 16:51:52 2001 /sbin/rdump
<   153 -r-xr-sr-x  2 root  tty       283788 Feb 17 16:51:57 2001 /sbin/restore
<   154 -r-sr-xr-x  1 root  wheel     191736 Feb 17 16:51:57 2001 /sbin/route
<   153 -r-xr-sr-x  2 root  tty       283788 Feb 17 16:51:57 2001 /sbin/rrestore
<   160 -r-sr-x---  1 root  operator  164484 Feb 17 16:51:57 2001 /sbin/shutdown
<  8031 -r-sr-xr-x  4 root  wheel      19540 Feb 17 16:52:15 2001 /usr/bin/at
<  8031 -r-sr-xr-x  4 root  wheel      19540 Feb 17 16:52:15 2001 /usr/bin/atq
< 8031 -r-sr-xr-x  4 root  wheel  19540 Feb 17 16:52:15 2001 /usr/bin/atrm
< 8031 -r-sr-xr-x  4 root  wheel  19540 Feb 17 16:52:15 2001 /usr/bin/batch
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/chfn
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/chpass
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/chsh
<   8237 -r-sr-xr-x  1 root  wheel    24508 Feb 17 16:52:36 2001 /usr/bin/crontab
<  9077 -r-sr-sr-x  1 uucp  dialer    123856 Feb 17 16:51:08 2001 /usr/bin/cu
< 8072 -r-xr-sr-x  1 root  kmem   13108 Feb 17 16:52:19 2001 /usr/bin/fstat
< 8087 -r-xr-sr-x  1 root  kmem    9832 Feb 17 16:52:20 2001 /usr/bin/ipcs
< 8083 -r-sr-xr-x  1 root  wheel    510 Feb 17 16:52:20 2001 /usr/bin/keyinfo
< 8093 -r-sr-xr-x  1 root  wheel   7444 Feb 17 16:52:20 2001 /usr/bin/keyinit
< 8111 -r-sr-xr-x  1 root  wheel   7004 Feb 17 16:52:22 2001 /usr/bin/lock
< 8114 -r-sr-xr-x  1 root  wheel  20436 Feb 17 16:52:22 2001 /usr/bin/login
<   8242 -r-sr-sr-x  1 root  daemon   23720 Feb 17 16:52:49 2001 /usr/bin/lpq
<   8244 -r-sr-sr-x  1 root  daemon   27304 Feb 17 16:52:49 2001 /usr/bin/lpr
<   8245 -r-sr-sr-x  1 root  daemon   22636 Feb 17 16:52:49 2001 /usr/bin/lprm
<  7987 -r-sr-xr-x  1 man   wheel      27936 Feb 17 16:51:20 2001 /usr/bin/man
< 8134 -r-xr-sr-x  1 root  kmem   85104 Feb 17 16:52:24 2001 /usr/bin/netstat
< 8136 -r-xr-sr-x  1 root  kmem    9936 Feb 17 16:52:24 2001 /usr/bin/nfsstat
< 8142 -r-sr-xr-x  2 root  wheel  26564 Feb 17 16:52:24 2001 /usr/bin/passwd
< 8149 -r-sr-xr-x  1 root  wheel  10440 Feb 17 16:52:25 2001 /usr/bin/quota
< 8145 -r-sr-xr-x  1 root  wheel  10216 Feb 17 16:52:25 2001 /usr/bin/rlogin
<   8154 -r-sr-xr-x  1 root  wheel     7584 Feb 17 16:52:25 2001 /usr/bin/rsh
<   8168 -r-sr-xr-x  1 root  wheel     8168 Feb 17 16:52:26 2001 /usr/bin/su
<   8172 -r-xr-sr-x  1 root  kmem     56144 Feb 17 16:52:26 2001 /usr/bin/systat
<   8180 -r-xr-sr-x  1 root  kmem     32344 Feb 17 16:52:27 2001 /usr/bin/top
< 10231 -r-sr-xr-x  1 uucp  wheel      88228 Feb 17 16:51:08 2001 /usr/bin/uucp
<  7940 -r-sr-xr-x  1 uucp  wheel      37312 Feb 17 16:51:08 2001 /usr/bin/uuname
<  7943 -r-sr-sr-x  1 uucp  dialer     96752 Feb 17 16:51:09 2001 /usr/bin/uustat
<  7945 -r-sr-xr-x  1 uucp  wheel      88844 Feb 17 16:51:09 2001 /usr/bin/uux
<   8204 -r-xr-sr-x  1 root  kmem     16368 Feb 17 16:52:30 2001 /usr/bin/vmstat
<   8206 -r-xr-sr-x  1 root  tty       9040 Feb 17 16:52:30 2001 /usr/bin/wall
<   8214 -r-xr-sr-x  1 root  tty       7500 Feb 17 16:52:30 2001 /usr/bin/write
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/ypchfn
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/ypchpass
< 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 16:52:16 2001 /usr/bin/ypchsh
< 8142 -r-sr-xr-x  2 root  wheel  26564 Feb 17 16:52:24 2001 /usr/bin/yppasswd
< 246073 -r-xr-sr-x  1 root  games      7176 Feb 17 16:51:04 2001 /usr/games/dm
< 279870 -r-sr-xr-x  1 root  wheel   397908 Feb 17 16:52:50 2001 /usr/libexec/sendmail/sendmail
< 311711 -r-sr-sr-x  1 uucp  dialer  220672 Feb 17 16:51:08 2001 /usr/libexec/uucp/uucico
< 311468 -r-sr-s---  1 uucp  uucp     99584 Feb 17 16:51:09 2001 /usr/libexec/uucp/uuxqt
<   9064 -rws--x--x  1 root  wheel   557904 Dec 11 01:24:55 2000 /usr/local/bin/ssh1
< 333377 -r-xr-sr-x  1 root  kmem      4664 Feb 17 16:52:37 2001 /usr/sbin/ifmcstat
< 333379 -r-xr-sr-x  1 root  kmem      9608 Feb 17 16:52:37 2001 /usr/sbin/iostat
< 333491 -r-xr-sr-x  1 root  daemon    30196 Feb 17 16:52:49 2001 /usr/sbin/lpc
< 333396 -r-sr-xr-x  1 root  wheel    16348 Feb 17 16:52:39 2001 /usr/sbin/mrinfo
< 333398 -r-sr-xr-x  1 root  wheel    29896 Feb 17 16:52:39 2001 /usr/sbin/mtrace
< 333533 -r-sr-xr--  1 root  network  294100 Feb 17 16:52:43 2001 /usr/sbin/ppp
< 333534 -r-sr-xr-x  1 root  wheel     95612 Feb 17 16:52:43 2001 /usr/sbin/pppd
< 335620 -r-xr-sr-x  2 root  kmem     14616 Feb 17 16:52:43 2001 /usr/sbin/pstat
< 333452 -r-sr-x---  1 root  network   11112 Feb 17 16:52:45 2001 /usr/sbin/sliplogin
< 335620 -r-xr-sr-x  2 root  kmem      14616 Feb 17 16:52:43 2001 /usr/sbin/swapinfo
< 333463 -r-sr-xr-x  1 root  wheel     15112 Feb 17 16:52:46 2001 /usr/sbin/timedc
< 333464 -r-sr-xr-x  1 root  wheel     13168 Feb 17 16:52:46 2001 /usr/sbin/traceroute
< 333465 -r-sr-xr-x  1 root  bin       14952 Feb 17 16:52:46 2001 /usr/sbin/traceroute6
< 333466 -r-xr-sr-x  1 root  kmem       8040 Feb 17 16:52:46 2001 /usr/sbin/trpt
---
> 23827 -r-xr-sr-x  1 root  operator   56892 Feb 17 11:51:01 2001 /bin/df
> 23838 -r-sr-xr-x  1 root  wheel     242256 Feb 17 11:51:02 2001 /bin/rcp
>   107 -r-xr-sr-x  1 root  kmem       62792 Feb 17 11:51:51 2001 /sbin/ccdconfig
>   113 -r-xr-sr-x  1 root  kmem       69544 Feb 17 11:51:52 2001 /sbin/dmesg
>   303 -r-xr-sr-x  2 root  tty       257516 Feb 17 11:51:52 2001 /sbin/dump
>   149 -r-sr-xr-x  1 root  wheel     195692 Feb 17 11:51:56 2001 /sbin/ping
>   150 -r-sr-xr-x  1 root  bin       190888 Feb 17 11:51:56 2001 /sbin/ping6
>   303 -r-xr-sr-x  2 root  tty       257516 Feb 17 11:51:52 2001 /sbin/rdump
>   153 -r-xr-sr-x  2 root  tty       283788 Feb 17 11:51:57 2001 /sbin/restore
>   154 -r-sr-xr-x  1 root  wheel     191736 Feb 17 11:51:57 2001 /sbin/route
>   153 -r-xr-sr-x  2 root  tty       283788 Feb 17 11:51:57 2001 /sbin/rrestore
>   160 -r-sr-x---  1 root  operator  164484 Feb 17 11:51:57 2001 /sbin/shutdown
>  8031 -r-sr-xr-x  4 root  wheel      19540 Feb 17 11:52:15 2001 /usr/bin/at
>  8031 -r-sr-xr-x  4 root  wheel      19540 Feb 17 11:52:15 2001 /usr/bin/atq
> 8031 -r-sr-xr-x  4 root  wheel  19540 Feb 17 11:52:15 2001 /usr/bin/atrm
> 8031 -r-sr-xr-x  4 root  wheel  19540 Feb 17 11:52:15 2001 /usr/bin/batch
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/chfn
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/chpass
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/chsh
>   8237 -r-sr-xr-x  1 root  wheel    24508 Feb 17 11:52:36 2001 /usr/bin/crontab
>  9077 -r-sr-sr-x  1 uucp  dialer    123856 Feb 17 11:51:08 2001 /usr/bin/cu
> 8072 -r-xr-sr-x  1 root  kmem   13108 Feb 17 11:52:19 2001 /usr/bin/fstat
> 8087 -r-xr-sr-x  1 root  kmem    9832 Feb 17 11:52:20 2001 /usr/bin/ipcs
> 8083 -r-sr-xr-x  1 root  wheel    510 Feb 17 11:52:20 2001 /usr/bin/keyinfo
> 8093 -r-sr-xr-x  1 root  wheel   7444 Feb 17 11:52:20 2001 /usr/bin/keyinit
> 8111 -r-sr-xr-x  1 root  wheel   7004 Feb 17 11:52:22 2001 /usr/bin/lock
> 8114 -r-sr-xr-x  1 root  wheel  20436 Feb 17 11:52:22 2001 /usr/bin/login
>   8242 -r-sr-sr-x  1 root  daemon   23720 Feb 17 11:52:49 2001 /usr/bin/lpq
>   8244 -r-sr-sr-x  1 root  daemon   27304 Feb 17 11:52:49 2001 /usr/bin/lpr
>   8245 -r-sr-sr-x  1 root  daemon   22636 Feb 17 11:52:49 2001 /usr/bin/lprm
>  7987 -r-sr-xr-x  1 man   wheel      27936 Feb 17 11:51:20 2001 /usr/bin/man
> 8134 -r-xr-sr-x  1 root  kmem   85104 Feb 17 11:52:24 2001 /usr/bin/netstat
> 8136 -r-xr-sr-x  1 root  kmem    9936 Feb 17 11:52:24 2001 /usr/bin/nfsstat
> 8142 -r-sr-xr-x  2 root  wheel  26564 Feb 17 11:52:24 2001 /usr/bin/passwd
> 8149 -r-sr-xr-x  1 root  wheel  10440 Feb 17 11:52:25 2001 /usr/bin/quota
> 8145 -r-sr-xr-x  1 root  wheel  10216 Feb 17 11:52:25 2001 /usr/bin/rlogin
>   8154 -r-sr-xr-x  1 root  wheel     7584 Feb 17 11:52:25 2001 /usr/bin/rsh
>   8168 -r-sr-xr-x  1 root  wheel     8168 Feb 17 11:52:26 2001 /usr/bin/su
>   8172 -r-xr-sr-x  1 root  kmem     56144 Feb 17 11:52:26 2001 /usr/bin/systat
>   8180 -r-xr-sr-x  1 root  kmem     32344 Feb 17 11:52:27 2001 /usr/bin/top
> 10231 -r-sr-xr-x  1 uucp  wheel      88228 Feb 17 11:51:08 2001 /usr/bin/uucp
>  7940 -r-sr-xr-x  1 uucp  wheel      37312 Feb 17 11:51:08 2001 /usr/bin/uuname
>  7943 -r-sr-sr-x  1 uucp  dialer     96752 Feb 17 11:51:09 2001 /usr/bin/uustat
>  7945 -r-sr-xr-x  1 uucp  wheel      88844 Feb 17 11:51:09 2001 /usr/bin/uux
>   8204 -r-xr-sr-x  1 root  kmem     16368 Feb 17 11:52:30 2001 /usr/bin/vmstat
>   8206 -r-xr-sr-x  1 root  tty       9040 Feb 17 11:52:30 2001 /usr/bin/wall
>   8214 -r-xr-sr-x  1 root  tty       7500 Feb 17 11:52:30 2001 /usr/bin/write
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/ypchfn
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/ypchpass
> 8044 -r-sr-xr-x  6 root  wheel  32184 Feb 17 11:52:16 2001 /usr/bin/ypchsh
> 8142 -r-sr-xr-x  2 root  wheel  26564 Feb 17 11:52:24 2001 /usr/bin/yppasswd
> 246073 -r-xr-sr-x  1 root  games      7176 Feb 17 11:51:04 2001 /usr/games/dm
> 279870 -r-sr-xr-x  1 root  wheel   397908 Feb 17 11:52:50 2001 /usr/libexec/sendmail/sendmail
> 311711 -r-sr-sr-x  1 uucp  dialer  220672 Feb 17 11:51:08 2001 /usr/libexec/uucp/uucico
> 311468 -r-sr-s---  1 uucp  uucp     99584 Feb 17 11:51:09 2001 /usr/libexec/uucp/uuxqt
>   9064 -rws--x--x  1 root  wheel   557904 Dec 10 20:24:55 2000 /usr/local/bin/ssh1
> 333377 -r-xr-sr-x  1 root  kmem      4664 Feb 17 11:52:37 2001 /usr/sbin/ifmcstat
> 333379 -r-xr-sr-x  1 root  kmem      9608 Feb 17 11:52:37 2001 /usr/sbin/iostat
> 333491 -r-xr-sr-x  1 root  daemon    30196 Feb 17 11:52:49 2001 /usr/sbin/lpc
> 333396 -r-sr-xr-x  1 root  wheel    16348 Feb 17 11:52:39 2001 /usr/sbin/mrinfo
> 333398 -r-sr-xr-x  1 root  wheel    29896 Feb 17 11:52:39 2001 /usr/sbin/mtrace
> 333533 -r-sr-xr--  1 root  network  294100 Feb 17 11:52:43 2001 /usr/sbin/ppp
> 333534 -r-sr-xr-x  1 root  wheel     95612 Feb 17 11:52:43 2001 /usr/sbin/pppd
> 335620 -r-xr-sr-x  2 root  kmem     14616 Feb 17 11:52:43 2001 /usr/sbin/pstat
> 333452 -r-sr-x---  1 root  network   11112 Feb 17 11:52:45 2001 /usr/sbin/sliplogin
> 335620 -r-xr-sr-x  2 root  kmem      14616 Feb 17 11:52:43 2001 /usr/sbin/swapinfo
> 333463 -r-sr-xr-x  1 root  wheel     15112 Feb 17 11:52:46 2001 /usr/sbin/timedc
> 333464 -r-sr-xr-x  1 root  wheel     13168 Feb 17 11:52:46 2001 /usr/sbin/traceroute
> 333465 -r-sr-xr-x  1 root  bin       14952 Feb 17 11:52:46 2001 /usr/sbin/traceroute6
> 333466 -r-xr-sr-x  1 root  kmem       8040 Feb 17 11:52:46 2001 /usr/sbin/trpt


Checking for uids of 0:
root 0
toor 0


Checking for passwordless accounts:


w6.chaffee.com kernel log messages:
> >file: table is full
> file: table is full
> file: table is full
> file: table is full
> file: table is full
> file: table is full
[ last message repeated 1600 times 8-) ]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0104301003230.93778-100000>