From owner-freebsd-questions@FreeBSD.ORG Mon Aug 16 15:07:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E025016A4CE for ; Mon, 16 Aug 2004 15:07:56 +0000 (GMT) Received: from mymail.netmagicians.com (mymail.netmagicians.com [202.87.39.126]) by mx1.FreeBSD.org (Postfix) with SMTP id 6504F43D1F for ; Mon, 16 Aug 2004 15:07:55 +0000 (GMT) (envelope-from sid@netmagicsolutions.com) Received: (qmail 7932 invoked from network); 16 Aug 2004 15:22:25 -0000 Received: from sid@netmagicsolutions.com by netmagicsolutions.com by uid 504 with qmail-scanner-1.16 (uvscan: v4.3.20/v4100. Clear:. Processed in 0.806573 secs); 16 Aug 2004 15:22:25 -0000 Received: from intra.netmagicsolutions.com (HELO ?10.1.1.161?) (202.87.39.242) by mymail.netmagicians.com with SMTP; 16 Aug 2004 15:22:24 -0000 Message-ID: <4120CDCD.9040202@netmagicsolutions.com> Date: Mon, 16 Aug 2004 20:37:57 +0530 From: Siddhartha Jain User-Agent: Mozilla Thunderbird 0.7.1 (Windows/20040626) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20040816145737.GA3924@sara.mshome.net> In-Reply-To: <20040816145737.GA3924@sara.mshome.net> X-Enigmail-Version: 0.84.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Security question - uids of 0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Aug 2004 15:07:57 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James A. Coulter wrote: | The following appeared in my latest daily security run output: | | Checking for uids of 0: | root 0 | toor 0 | | This is the first time I've seen this message. | | I checked /etc/passwd and found this: | | root:*:0:0:Charlie &:/root:/bin/csh | toor:*:0:0:Bourne-again Superuser:/root: | | I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a small | home LAN. | | I ran ps -aux and looked for any processes owned by "toor" but didn't find any. | | Is this something to be concerned about? | | Sorry if this is an obvious question, but I am still very much a newbie | and trying to learn what I can about security. http://freebsd.active-venture.com/faq/security.html#TOOR-ACCOUNT - -- Siddhartha Jain (CISSP) Consulting Engineer Netmagic Solutions Pvt Ltd Bombay - 400063 Phone: +91-22-26850001 Ext.128 Fax : +91-22-26850002 http://www.netmagicsolutions.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBIM3MOGaxOP7knVwRAv1HAJ4+/67fLaZbpgR3U25vy9xGMLtelQCeKhdO iTuVWEHFhbH/n+1tXxNIYFY= =RBsX -----END PGP SIGNATURE-----