Date: 01 Nov 2002 15:49:48 +1000
From: Duncan Anker <d.anker@au.darkbluesea.com>
To: Andrew Boring <andrew.boring@millerzell.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: After make world, periodic sends me suid diffs
Message-ID: <1036129788.21009.2.camel@duncan>
In-Reply-To: <Pine.WNT.4.44.0210301601190.1024-100000@netgod>
References: <Pine.WNT.4.44.0210301601190.1024-100000@netgod>

On Thu, 2002-10-31 at 07:02, Andrew Boring wrote:
> I upgraded a box from 4.6 to 4.7 that is not in production yet. This was
> my first time upgrading via CVS and make world and everything appeared to
> go smoothly with no issues.
>
> However, the following day I received mail from the daily periodic scripts
> Security Run Output:
>
> Checking setuid files and devices:
> setuid diffs:
> 1,50c1,50
> < 11 -r-sr-xr-x 1 root wheel 321100 Oct 8 11:12:48 2002 /bin/rcp
> < 2761 -r-xr-sr-x 1 root kmem 65944 Oct 9 12:45:20 2002
> /sbin/ccdconfig
> < 153 -r-sr-xr-x 1 root wheel 201836 Oct 9 12:45:27 2002
> /sbin/ping
> < 154 -r-sr-xr-x 1 root wheel 202816 Oct 9 12:45:27 2002
> /sbin/ping6
> [...]
>
> Looking through the 100.chksetuid script, I am guessing that the security
> script is warning me that the binaries have changed (as a result of the
> source upgrade) and NOT that the permissions have changed or that more
> have been added. Am I correct? I don't have a record or snapshot of the
> permissions on all the binaries listed in the email to verify.

permissions, owner, group, filesize, date, filename ... anything that's
different between the directory snapshot from the previous run and the
current one. It's just a diff between two ls commands, but it's pretty
effective for catching unusual goings on.
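
Added example, not part of the original message and not FreeBSD's 100.chksetuid: because the report is a plain diff of two listings, this script compares two snapshots per path and separates mode/owner/group changes from size, date or inode changes, which is the distinction the question asks about. It assumes the line layout shown in the quoted report and paths without whitespace; the function names and all "current run" sample lines are constructed.

```shell
#!/bin/sh
# Classify what changed between two setuid snapshots (added example).
# Line layout assumed from the report quoted above:
#   inode mode links owner group size month day time year path
# Assumption: paths contain no whitespace.
classify_setuid_diff() {    # $1 = previous snapshot, $2 = current snapshot
    awk '
        NF < 11 { next }                       # skip wrapped or partial lines
        { perm = $2 " " $4 " " $5              # mode, owner, group
          rest = $1 " " $3 " " $6 " " $7 " " $8 " " $9 " " $10 }  # inode, links, size, date
        pass == 1 { operm[$11] = perm; orest[$11] = rest; next }
        { seen[$11] = 1
          if (!($11 in operm))
              print "ADDED " $11 " [" perm "]"
          else if (operm[$11] != perm)
              print "PERMS " $11 " [" operm[$11] " -> " perm "]"
          else if (orest[$11] != rest)
              print "CONTENT " $11 }
        END { for (p in operm) if (!(p in seen)) print "REMOVED " p }
    ' pass=1 "$1" pass=2 "$2" | sort -k 2
}

run_constructed_sample() {
    dir=$(mktemp -d) || return 1
    # Previous run: first three lines come from the quoted report
    # (wrapped line rejoined); the fourth is constructed.
    cat > "$dir/old" <<'EOF'
11 -r-sr-xr-x 1 root wheel 321100 Oct 8 11:12:48 2002 /bin/rcp
2761 -r-xr-sr-x 1 root kmem 65944 Oct 9 12:45:20 2002 /sbin/ccdconfig
153 -r-sr-xr-x 1 root wheel 201836 Oct 9 12:45:27 2002 /sbin/ping
900 -r-xr-sr-x 1 root kmem 4096 Oct 9 12:45:30 2002 /usr/local/sbin/example
EOF
    # Current run: every line is constructed.
    cat > "$dir/new" <<'EOF'
12 -r-sr-xr-x 1 root wheel 321400 Oct 31 09:10:11 2002 /bin/rcp
153 -r-sr-xr-x 1 root wheel 201836 Oct 9 12:45:27 2002 /sbin/ping
900 -r-sr-sr-x 1 root kmem 4096 Oct 9 12:45:30 2002 /usr/local/sbin/example
901 -r-sr-xr-x 1 root wheel 5120 Oct 31 09:12:00 2002 /usr/local/bin/newtool
EOF
    classify_setuid_diff "$dir/old" "$dir/new"
    rm -rf "$dir"
}
run_constructed_sample
```

After an upgrade, CONTENT lines are the expected result of reinstalled binaries; ADDED and PERMS lines are the ones to account for individually.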