Date: Tue, 24 Jul 2001 19:16:16 -0400 From: Pierre-Luc =?iso-8859-1?Q?Lesp=E9rance?= <silence@oksala.org> To: security@freebsd.org Subject: Re: Security Check Diffs Question Message-ID: <3B5E01C0.4234B000@oksala.org> References: <200107241632.LAA05639@chrome.jdl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jon Loeliger wrote: > > Hi Folks, > > This morning, on a machine that's been up for 33 days, > I suddenly saw these /etc/security diffs: > > <host> setuid diffs: > 20,22c20,22 > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chfn > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chpass > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chsh > --- > > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chfn > > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chpass > > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chsh > 53,55c53,55 > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchfn > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchpass > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchsh > --- > > 8270 -r-sr-xr-x 1 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchfn > > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchpass > > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchsh If your box is not really* important. You sould lets it like that and wait for the return of the Evil telnetd cracker (if any) and mail a little paper to is ISP. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B5E01C0.4234B000>