From owner-freebsd-questions Sat Sep 22 16:20:17 2001 Delivered-To: freebsd-questions@freebsd.org Received: from ns1.avatar.com (ns1.avatar.com [199.33.206.1]) by hub.freebsd.org (Postfix) with ESMTP id 8F97637B41F for ; Sat, 22 Sep 2001 16:20:15 -0700 (PDT) Received: from tomcat (tomcat.avatar.com [199.33.206.20]) by ns1.avatar.com (8.9.1/8.9.1) with SMTP id QAA09754 for ; Sat, 22 Sep 2001 16:20:15 -0700 (PDT) From: "Kory Hamzeh" To: Subject: daily security ceck - setuid diffs Date: Sat, 22 Sep 2001 16:20:18 -0700 Message-ID: <002101c143bd$24564cc0$14ce21c7@avatar.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I moved a server from one hardware (PC) to another. I did this by installing a basic RELEASE-4.3 on the target machine (the source was also running RELEASE-4.3). I did a full level 0 dump of all of the filesystems of the source machine and did a full restore to the target machine. Everything work flawlessly, of course I did change the name and IP of the source machine. The target machine came up just fine. However, the next day in the daily security check e-mail, I receive a bunch of these warning: ns2.avatar.com setuid diffs: 1,86c1,86 < 95239 -r-xr-sr-x 1 root operator 56892 Apr 21 02:05:46 2001 /bin/df < 95252 -r-sr-xr-x 1 root wheel 317400 Apr 21 02:13:35 2001 /bin/rcp < 269831 -r-xr-sr-x 1 root kmem 62792 Apr 21 02:08:02 2001 /sbin/ccdconfig I think these means that the dates of programs that have the setuid bit set has changed since the last check. This is to be expected and I think this is not something to worry about. Am I correct in my thinking? Thanks, Kory To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message