Date: Fri, 23 Jul 2004 10:32:26 -0400 (EDT)
From: "Steve Bertrand" <iaccounts@ibctech.ca>
To: freebsd-questions@freebsd.org
Subject: setuid diffs...
Message-ID: <1557.209.167.16.15.1090593146.squirrel@209.167.16.15>

Hi all,

Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk
onto a larger one. Then, using a Promise ATA IDE RAID controller I built
a RAID-1 array.

Everything went as planned, the box is now back up using the 'ar' driver
for the array. However, in the security run output last night, I got
this:

Checking setuid files and devices:

pearl.ibctech.ca setuid diffs:
1,73c1,73
< 106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
< 15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
< 15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping

and down further:

- > 1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp
- > 1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
- > 1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 /sbin/ping

Did this happen because the files were transferred from one disk to
another and the system knew it? Or should I be concerned about a possible
'coincidental' invasion?

Tks for any help!

Steve