From owner-freebsd-security Thu Jan 28 01:13:13 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA12362 for freebsd-security-outgoing; Thu, 28 Jan 1999 01:13:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.craxx.com (taz.craxx.com [195.108.198.110]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA12357 for ; Thu, 28 Jan 1999 01:13:11 -0800 (PST) (envelope-from lva@dds.nl) Received: from cow (ut127003.inbel.utwente.nl [130.89.127.3]) by mail.craxx.com (8.9.1a/8.9.1) with SMTP id KAA07087 for ; Thu, 28 Jan 1999 10:13:04 +0100 (CET) From: "laurens van alphen" To: Subject: Security breach or VM flaw? (security check output) Date: Thu, 28 Jan 1999 00:17:30 +0100 Message-ID: <000601be4a4b$360dcfb0$ac1010ac@cow.craxx.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hiya folks, This mornin' i received this daily security check output: (of course, hostnames have been changes, dates/sizes have not) setuid diffs: 40c40 < -r-xr-s--- 1 bin kmem 49152 Jul 22 10:14:47 1998 /usr/bin/netstat --- > -r-xr-s--- 1 bin kmem 49152 Jan 28 02:30:23 1999 /usr/bin/netstat Is seems as if netstat has adopted the time at which it was executed. Now, we feel this system is pretty secure and nothing, other than this, has indicated a breach. This system (FreeBSD 2.2.7-RELEASE) is our main webserver with only a very limited amount of accounts (staff plus a few well known users). It's running: apache-1.3.4, xinetd, telnet, cucipop-1.31, ssh-1.2.26, sendmail-8.9.1a (as non-root), mysql-3.22.14b-gamma and since a day or two: 'big brother' - a network/system monitor with a non-root daemon. Thanks for all your input. Cheers, -- laurens van alphen, craxx alphen@craxx.com, http://craxx.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message