Date: Fri, 23 Jul 2004 11:33:16 -0400 (EDT) From: "Steve Bertrand" <iaccounts@ibctech.ca> To: freebsd-questions@freebsd.org Subject: Re: setuid diffs... Message-ID: <1719.209.167.16.15.1090596796.squirrel@209.167.16.15> In-Reply-To: <1557.209.167.16.15.1090593146.squirrel@209.167.16.15> References: <1557.209.167.16.15.1090593146.squirrel@209.167.16.15>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi all, > > Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk onto > a larger one. Then, using a Promise ATA IDE RAID controller I built a > RAID-1 array. > > Everything went as planned, the box is now back up using the 'ar' driver > for the array. However, in the security run output last night, I got this: > > Checking setuid files and devices: > > pearl.ibctech.ca setuid diffs: > 1,73c1,73 > < 106 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 /bin/rcp < > 15904 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 > /sbin/ccdconfig > < 15949 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 > /sbin/ping > > and down further: > > - > 1036 -r-sr-xr-x 1 root wheel 251444 Jul 16 12:07:10 2004 > /bin/rcp > - > 1292 -r-xr-sr-x 1 root kmem 66216 Jul 16 12:07:25 2004 > /sbin/ccdconfig > - > 1339 -r-sr-xr-x 1 root wheel 203992 Jul 16 12:07:28 2004 > /sbin/ping > > Did this happen because the files were transferred from one disk to > another and the system knew it? Or should I be concerned of a possible > 'coincidental' invasion? > Thanks all for the replies. I assumed it was just due to the move, but always better safe than sorry ;o) Steve > Tks for any help! > > Steve > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1719.209.167.16.15.1090596796.squirrel>