Date: Thu, 7 Aug 2014 07:33:52 +0200
From: Kenneth Bernholm <kenneth@bernholm.dk>
To: freebsd-questions@freebsd.org
Subject: Re: Investigating passwd, group and setuid diffs in status mails
Message-ID: <20140807053352.GA20057@zork>
In-Reply-To: <3651ef748410db561b04fe10796b8e65@bernholm.dk>
References: <3651ef748410db561b04fe10796b8e65@bernholm.dk>
I'm terribly sorry for the formatting failure in my initial mail. Obviously the cut and paste in my webmail client left out the newlines. Here's the data once more (hopefully more readable):

The daily run output mail:

Removing stale files from /var/preserve:

Cleaning out old system announcements:

Removing stale files from /var/rwho:

Backup passwd and group files:
zork passwd diffs:
34a35
> logcheck:(password):915:915::0:0:Logcheck system account:/var/lib/logcheck:/usr/local/bin/bash
zork group diffs:
41a42,43
> ssmtp:*:916:
> logcheck:*:915:

Verifying group file syntax:
/etc/group is fine

Backing up mail aliases:

Disk status:
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ada0p2    140G     25G    105G    19%    /
devfs          1.0K    1.0K      0B   100%    /dev
/dev/da0p1     451G     22G    393G     5%    /usbdisk

Network interface status:
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll  Drop
em0    1500 <Link#1>      90:e2:ba:6a:c0:dc   247366     0     0   227852     0     0     0
em0    1500 192.168.1.0   zork                239442     -     -   226920     -     -     -
lo0   16384 <Link#2>                               0     0     0        0     0     0     0
lo0   16384 localhost     ::1                      0     -     -        0     -     -     -
lo0   16384 fe80::1%lo0   fe80::1                  0     -     -        0     -     -     -
lo0   16384 your-net      localhost                0     -     -        0     -     -     -

Local system status:
3:01AM up 22:21, 2 users, load averages: 0.24, 0.33, 0.25

Mail in local queue:
mailq: Mail queue is empty

Mail in submit queue:
mailq: Mail queue is empty

Security check:
(output mailed separately)

Checking for rejected mail hosts:

Backing up pkgng database:

-- End of daily output --

The daily security run output mail:

Checking setuid files and devices:
zork setuid diffs:
--- /var/log/setuid.today 2014-05-21 03:07:00.000000000 +0200 +++ /tmp/security.kNUKUHM3 2014-08-07 03:06:29.000000000 +0200 
@@ -32,13 +32,15 @@ 7704735 -r-sr-xr-x 6 root wheel 22376 Jan 16 23:41:02 2014 /usr/bin/ypchpass 7704735 -r-sr-xr-x 6 root wheel 22376 Jan 16 23:41:02 2014 /usr/bin/ypchsh 7704601 -r-sr-xr-x 2 root wheel 8296 Jan 16 23:41:09 2014 /usr/bin/yppasswd -7791699 -r-xr-sr-x 1 root smmsp 676064 Jan 16 23:41:34 2014 /usr/libexec/sendmail/sendmail +7791952 -r-xr-sr-x 1 root smmsp 676064 Jun 26 06:30:49 2014 /usr/libexec/sendmail/sendmail 7707857 -r-sr-xr-x 1 root wheel 32824 Jan 16 23:40:38 2014 /usr/libexec/ssh-keysign 7707853 -r-sr-xr-x 1 root wheel 6000 Jan 16 23:40:05 2014 /usr/libexec/ulog-helper 8268343 -r-sr-xr-x 1 root wheel 1819872 Apr 15 05:47:39 2014 /usr/local/bin/Xorg +8269540 -rwxr-sr-x 1 root wheel 18064 Jun 26 06:34:34 2014 /usr/local/bin/lockfile 8266420 -rwxr-sr-x 1 root mail 11392 Apr 6 12:40:12 2014 /usr/local/bin/mutt_dotlock 8268183 -rwsr-xr-x 1 root wheel 20072 Apr 15 05:43:54 2014 /usr/local/bin/pkexec -8268086 -rwsr-x--- 1 root messagebus 280784 Apr 15 05:41:41 2014 /usr/local/libexec/dbus-daemon-launch-helper +8269542 -rwsr-sr-x 1 root wheel 98224 Jun 26 06:34:34 2014 /usr/local/bin/procmail +8269658 -rwsr-x--- 1 root messagebus 270896 Jul 1 12:14:01 2014 /usr/local/libexec/dbus-daemon-launch-helper 8268207 -rwsr-xr-x 1 root wheel 12152 Apr 15 05:43:54 2014 /usr/local/libexec/polkit-agent-helper-1 8268125 -rwxr-sr-x 1 root polkit 19736 Apr 15 05:42:07 2014 /usr/local/libexec/polkit-explicit-grant-helper 8268126 -rwxr-sr-x 1 root polkit 17712 Apr 15 05:42:07 2014 /usr/local/libexec/polkit-grant-helper 
@@ -47,6 +49,7 @@ 8268129 -rwsr-xr-x 1 root wheel 8472 Apr 15 05:42:07 2014 /usr/local/libexec/polkit-resolve-exe-helper 8268130 -rwxr-sr-x 1 root polkit 21328 Apr 15 05:42:07 2014 /usr/local/libexec/polkit-revoke-helper 8268131 -rwsr-xr-x 1 root polkit 22032 Apr 15 05:42:07 2014 /usr/local/libexec/polkit-set-default-helper +8269530 -r-xr-sr-x 1 root ssmtp 32360 Jun 25 10:26:12 2014 /usr/local/sbin/ssmtp 7707669 -r-sr-sr-x 2 root authpf 24160 Jan 16 23:41:18 2014 /usr/sbin/authpf 7707669 -r-sr-sr-x 2 root authpf 24160 Jan 16 23:41:18 2014 /usr/sbin/authpf-noip 7707607 -r-xr-sr-x 1 root daemon 55584 Jan 16 23:41:27 2014 /usr/sbin/lpc

Checking negative group permissions:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

zork kernel log messages:
+++ /tmp/security.GuJvYr8G 2014-08-07 03:11:32.000000000 +0200 +FreeBSD 10.0-RELEASE-p6 #0: Tue Jun 24 07:47:37 UTC 2014 +vgapci0: <VGA-compatible display> port 0x2220-0x2227 mem 0xf0100000-0xf017ffff,0xe0000000-0xefffffff,0xf0000000-0xf00fffff irq 16 at device 2.0 on pci0 +em0: <Intel(R) PRO/1000 Network Connection 7.3.8> port 0x2100-0x211f mem 0xf0180000-0xf019ffff,0xf01a4000-0xf01a4fff irq 19 at device 25.0 on pci0 +uhci0: <Intel 82801I (ICH9) USB controller> port 0x2120-0x213f irq 20 at device 26.0 on pci0 +uhci1: <Intel 82801I (ICH9) USB controller> port 0x2140-0x215f irq 21 at device 26.1 on pci0 +uhci2: <Intel 82801I (ICH9) USB controller> port 0x2160-0x217f irq 22 at device 26.2 on pci0 +uhci3: <Intel 82801I (ICH9) USB controller> port 0x2180-0x219f irq 20 at device 29.0 on pci0 +uhci4: <Intel 82801I (ICH9) USB controller> port 0x21a0-0x21bf irq 21 at device 29.1 on pci0 +em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.6> port 0x1100-0x113f mem 0xf0200000-0xf021ffff,0xf0220000-0xf023ffff irq 20 at device 4.0 on pci7 +em0: Ethernet address: 90:e2:ba:6a:c0:dc +atapci0: <Intel ICH9 SATA300 controller> port 
0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x21e0-0x21ef,0x21f0-0x21ff irq 18 at device 31.2 on pci0 +atapci1: <Intel ICH9 SATA300 controller> port 0x2238-0x223f,0x2250-0x2253,0x2240-0x2247,0x2254-0x2257,0x2200-0x220f,0x2210-0x221f irq 18 at device 31.5 on pci0 +Timecounter "TSC-low" frequency 1163772879 Hz quality 1000 +ugen3.2: <Western Digital> at usbus3 +ugen1.2: <Logitech> at usbus1 +ukbd0: <Logitech USB Receiver, class 0/0, rev 2.00/12.01, addr 2> on usbus1 +ums0: <Logitech USB Receiver, class 0/0, rev 2.00/12.01, addr 2> on usbus1 +uhid0: <Logitech USB Receiver, class 0/0, rev 2.00/12.01, addr 2> on usbus1

zork login failures:

zork refused connections:

Checking for packages with security vulnerabilities:
dbus-1.8.4
firefox-30.0_1,1
nss-3.16

-- End of security output --
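
Review bot: in the @@ -32,13 +32,15 @@ hunk, /usr/local/bin/lockfile and /usr/local/bin/procmail are "+" lines with no matching "-" line, so they are new entries in the setuid list rather than replaced files, and procmail at -rwsr-sr-x is both setuid root and setgid wheel. Both carry the same timestamp (Jun 26 06:34:34 2014), which fits a single install; suggest confirming the owning package with "pkg which /usr/local/bin/procmail" and checking installed files against recorded checksums with "pkg check -s". The sendmail and dbus-daemon-launch-helper pairs keep the same path, owner and mode with a new inode and date, which is how a file rewritten by an update appears in this listing; the dbus helper also changed size from 280784 to 270896. The baseline /var/log/setuid.today is dated 2014-05-21, so this one diff covers every change since then.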
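
Review bot: in the @@ -47,6 +49,7 @@ hunk the only change is the added /usr/local/sbin/ssmtp, which is setgid to group ssmtp (-r-xr-sr-x, owner root) and dated Jun 25 10:26:12 2014. The group diff in the daily run adds ssmtp:*:916: as well, so the binary and its group appear in the same reporting window; suggest tying the two together with "pkg which /usr/local/sbin/ssmtp" and noting which package created the group.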