Date: Wed, 26 Jun 1996 16:26:23 PDT From: faried nawaz <nawaz921@cs.uidaho.edu> To: Troy Arie Cobb <troy@circle.net> Cc: security@freebsd.org Subject: Re: Odd permission changes Message-ID: <21946.835831583@waldrog.cs.uidaho.edu> In-Reply-To: Your message of "Wed, 26 Jun 1996 18:27:58 PDT." <Pine.BSF.3.91.960626181341.15893A-100000@demeter.circle.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Troy Arie Cobb wrote... I have a strange thing that's been happening regularly now, following an incident w/ a cracker-type (who is now long gone). Now, on Fridays, around 2am, all of the owner-execute permissions on all files is removed. This has happened two weeks in a row now, I have accounting active and saw the chmod, but no one was logged in, and the daily/weekly scripts don't have any chmods in them. What about binaries, like `cron' or `at' or `chmod'? Have they been tampered with? Do you run any unusual daemons? Any incorrect crontab/at jobs? What happens when you do `chmod 000 /bin/chmod' (note: be sure to have a copy of chmod from another machine w/ permissions to fix /bin/chmod before you try this!) ? I need to buy a clue, any help? If you find out, please let me/us know. I've never seen that before.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21946.835831583>