From owner-freebsd-questions Tue Apr 17 0:44:47 2001 Delivered-To: freebsd-questions@freebsd.org Received: from deepblue.everad.com (deepblue.everad.com [212.117.137.66]) by hub.freebsd.org (Postfix) with ESMTP id BC69237B42C for ; Tue, 17 Apr 2001 00:44:36 -0700 (PDT) (envelope-from DanielM@EverAd.com) Received: from ilexc01.everad.com ([10.72.6.6]) by deepblue.everad.com with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 17 Apr 2001 10:46:51 +0200 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: FW: freenix.everad.com security check output X-MimeOLE: Produced By Microsoft Exchange V6.0.4417.0 Date: Tue, 17 Apr 2001 10:44:25 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: freenix.everad.com security check output Thread-Index: AcDG4unh3cJIM2UGQFyQ1IcgasJK1gANzqAg From: "Daniel Mester" To: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello all, i just updated from 4.2 release to 4.3-RC and security output check showed me a lot of "setuided" changes (you can see it below) - is it normal? Thanks, Daniel. > -----Original Message----- > From: root@freenix.everad.com [mailto:root@freenix.everad.com] > Sent: Tuesday, April 17, 2001 2:06 AM > Subject: freenix.everad.com security check output >=20 >=20 > Checking setuid files and devices: >=20 >=20 > freenix.everad.com setuid diffs: > 1,56c1,55 > < 14349 -r-xr-sr-x 1 root operator 57076 Nov 20 13:59:17=20 > 2000 /bin/df > < 14362 -r-sr-xr-x 1 root wheel 319548 Nov 20 14:06:07=20 > 2000 /bin/rcp > < 35900 -r-xr-sr-x 1 root kmem 62944 Nov 20 14:00:57=20 > 2000 /sbin/ccdconfig > < 35906 -r-xr-sr-x 1 root kmem 69604 Nov 20 14:00:58=20 > 2000 /sbin/dmesg > < 35969 -r-xr-sr-x 2 root tty 331452 Nov 20 14:06:51=20 > 2000 /sbin/dump > < 35945 -r-sr-xr-x 1 root wheel 195812 Nov 20 14:01:09=20 > 2000 /sbin/ping > < 35946 -r-sr-xr-x 1 root bin 191012 Nov 20 14:01:09=20 > 2000 /sbin/ping6 > < 35969 -r-xr-sr-x 2 root tty 331452 Nov 20 14:06:51=20 > 2000 /sbin/rdump > < 35907 -r-xr-sr-x 2 root tty 358284 Nov 20 14:06:55=20 > 2000 /sbin/restore > < 35950 -r-sr-xr-x 1 root wheel 191924 Nov 20 14:01:10=20 > 2000 /sbin/route > < 35907 -r-xr-sr-x 2 root tty 358284 Nov 20 14:06:55=20 > 2000 /sbin/rrestore > < 35955 -r-sr-x--- 1 root operator 164668 Nov 20 14:01:11=20 > 2000 /sbin/shutdown > < 8035 -r-sr-xr-x 4 root wheel 19540 Nov 20 14:01:51=20 > 2000 /usr/bin/at > < 8035 -r-sr-xr-x 4 root wheel 19540 Nov 20 14:01:51=20 > 2000 /usr/bin/atq > < 8035 -r-sr-xr-x 4 root wheel 19540 Nov 20 14:01:51 2000=20 > /usr/bin/atrm > < 8035 -r-sr-xr-x 4 root wheel 19540 Nov 20 14:01:51 2000=20 > /usr/bin/batch > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/chfn > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/chpass > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/chsh > < 8241 -r-sr-xr-x 1 root wheel 24508 Nov 20=20 > 14:02:26 2000 /usr/bin/crontab > < 7937 -r-sr-sr-x 1 uucp dialer 123824 Nov 20 13:59:39=20 > 2000 /usr/bin/cu > < 8075 -r-xr-sr-x 1 root kmem 13108 Nov 20 14:01:56 2000=20 > /usr/bin/fstat > < 8090 -r-xr-sr-x 1 root kmem 9832 Nov 20 14:01:57 2000=20 > /usr/bin/ipcs > < 8096 -r-sr-xr-x 1 root wheel 510 Nov 20 14:01:58 2000=20 > /usr/bin/keyinfo > < 8097 -r-sr-xr-x 1 root wheel 7444 Nov 20 14:01:58 2000=20 > /usr/bin/keyinit > < 8114 -r-sr-xr-x 1 root wheel 7004 Nov 20 14:02:00 2000=20 > /usr/bin/lock > < 8117 -r-sr-xr-x 1 root wheel 19764 Nov 20 14:06:42 2000=20 > /usr/bin/login > < 8246 -r-sr-sr-x 1 root daemon 20008 Nov 20=20 > 14:02:48 2000 /usr/bin/lpq > < 8247 -r-sr-sr-x 1 root daemon 23368 Nov 20=20 > 14:02:48 2000 /usr/bin/lpr > < 8248 -r-sr-sr-x 1 root daemon 19372 Nov 20=20 > 14:02:48 2000 /usr/bin/lprm > < 7989 -r-sr-xr-x 1 man wheel 28512 Nov 20 14:00:02=20 > 2000 /usr/bin/man > < 8136 -r-xr-sr-x 1 root kmem 85104 Nov 20 14:02:07 2000=20 > /usr/bin/netstat > < 8138 -r-xr-sr-x 1 root kmem 9904 Nov 20 14:02:07 2000=20 > /usr/bin/nfsstat > < 8264 -r-sr-xr-x 2 root wheel 30540 Nov 20 14:06:44 2000=20 > /usr/bin/passwd > < 8151 -r-sr-xr-x 1 root wheel 10440 Nov 20 14:02:08 2000=20 > /usr/bin/quota > < 8146 -r-sr-xr-x 1 root wheel 17244 Nov 20 14:06:45 2000=20 > /usr/bin/rlogin > < 8155 -r-sr-xr-x 1 root wheel 14460 Nov 20=20 > 14:06:48 2000 /usr/bin/rsh > < 8269 -r-sr-xr-x 2 root wheel 170136 Nov 20=20 > 14:11:20 2000 /usr/bin/slogin > < 8269 -r-sr-xr-x 2 root wheel 170136 Nov 20=20 > 14:11:20 2000 /usr/bin/ssh > < 8159 -r-sr-xr-x 1 root wheel 11560 Nov 20=20 > 14:06:49 2000 /usr/bin/su > < 8174 -r-xr-sr-x 1 root kmem 56112 Nov 20=20 > 14:02:11 2000 /usr/bin/systat > < 8182 -r-xr-sr-x 1 root kmem 32312 Nov 20=20 > 14:02:12 2000 /usr/bin/top > < 7938 -r-sr-xr-x 1 uucp wheel 88228 Nov 20 13:59:40=20 > 2000 /usr/bin/uucp > < 7940 -r-sr-xr-x 1 uucp wheel 37312 Nov 20 13:59:40=20 > 2000 /usr/bin/uuname > < 7943 -r-sr-sr-x 1 uucp dialer 96752 Nov 20 13:59:41=20 > 2000 /usr/bin/uustat > < 7945 -r-sr-xr-x 1 uucp wheel 88844 Nov 20 13:59:41=20 > 2000 /usr/bin/uux > < 8207 -r-xr-sr-x 1 root kmem 15920 Nov 20=20 > 14:02:15 2000 /usr/bin/vmstat > < 8209 -r-xr-sr-x 1 root tty 9072 Nov 20=20 > 14:02:16 2000 /usr/bin/wall > < 8217 -r-xr-sr-x 1 root tty 7500 Nov 20=20 > 14:02:17 2000 /usr/bin/write > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/ypchfn > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/ypchpass > < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 14:01:52 2000=20 > /usr/bin/ypchsh > < 8264 -r-sr-xr-x 2 root wheel 30540 Nov 20 14:06:44 2000=20 > /usr/bin/yppasswd > < 1269761 -r-sr-xr-x 1 root wheel 396564 Nov 20=20 > 14:02:50 2000 /usr/libexec/sendmail/sendmail > < 1285633 -r-sr-sr-x 1 uucp dialer 220672 Nov 20=20 > 13:59:40 2000 /usr/libexec/uucp/uucico > < 1285634 -r-sr-s--- 1 uucp uucp 99552 Nov 20=20 > 13:59:41 2000 /usr/libexec/uucp/uuxqt > --- > > 14349 -r-xr-sr-x 1 root operator 56892 Apr 16 08:56:28=20 > 2001 /bin/df > > 14361 -r-sr-xr-x 1 root wheel 242780 Apr 16 08:56:34=20 > 2001 /bin/rcp > > 35900 -r-xr-sr-x 1 root kmem 62792 Apr 16 08:59:17=20 > 2001 /sbin/ccdconfig > > 35906 -r-xr-sr-x 1 root kmem 69512 Apr 16 08:59:20=20 > 2001 /sbin/dmesg > > 35998 -r-xr-sr-x 2 root tty 258616 Apr 16 08:59:21=20 > 2001 /sbin/dump > > 35944 -r-sr-xr-x 1 root wheel 196376 Apr 16 08:59:40=20 > 2001 /sbin/ping > > 35945 -r-sr-xr-x 1 root bin 191380 Apr 16 08:59:40=20 > 2001 /sbin/ping6 > > 35998 -r-xr-sr-x 2 root tty 258616 Apr 16 08:59:21=20 > 2001 /sbin/rdump > > 35948 -r-xr-sr-x 2 root tty 284728 Apr 16 08:59:42=20 > 2001 /sbin/restore > > 35942 -r-sr-xr-x 1 root wheel 192484 Apr 16 08:59:42=20 > 2001 /sbin/route > > 35948 -r-xr-sr-x 2 root tty 284728 Apr 16 08:59:42=20 > 2001 /sbin/rrestore > > 35954 -r-sr-x--- 1 root operator 165008 Apr 16 08:59:44=20 > 2001 /sbin/shutdown > > 7980 -r-sr-xr-x 4 root wheel 19540 Apr 16 09:00:54=20 > 2001 /usr/bin/at > > 7980 -r-sr-xr-x 4 root wheel 19540 Apr 16 09:00:54=20 > 2001 /usr/bin/atq > > 7980 -r-sr-xr-x 4 root wheel 19540 Apr 16 09:00:54 2001=20 > /usr/bin/atrm > > 7980 -r-sr-xr-x 4 root wheel 19540 Apr 16 09:00:54 2001=20 > /usr/bin/batch > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/chfn > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/chpass > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/chsh > > 8045 -r-sr-xr-x 1 root wheel 24508 Apr 16=20 > 09:01:46 2001 /usr/bin/crontab > > 8519 -r-sr-sr-x 1 uucp dialer 123888 Apr 16 08:57:07=20 > 2001 /usr/bin/cu > > 8027 -r-xr-sr-x 1 root kmem 13108 Apr 16 09:01:06 2001=20 > /usr/bin/fstat > > 8587 -r-xr-sr-x 1 root kmem 9832 Apr 16 09:01:08 2001=20 > /usr/bin/ipcs > > 8585 -r-sr-xr-x 1 root wheel 510 Apr 16 09:01:09 2001=20 > /usr/bin/keyinfo > > 8592 -r-sr-xr-x 1 root wheel 7444 Apr 16 09:01:09 2001=20 > /usr/bin/keyinit > > 8611 -r-sr-xr-x 1 root wheel 7004 Apr 16 09:01:12 2001=20 > /usr/bin/lock > > 8594 -r-sr-xr-x 1 root wheel 20436 Apr 16 09:01:12 2001=20 > /usr/bin/login > > 8052 -r-sr-sr-x 1 root daemon 23720 Apr 16=20 > 09:02:19 2001 /usr/bin/lpq > > 8051 -r-sr-sr-x 1 root daemon 27304 Apr 16=20 > 09:02:20 2001 /usr/bin/lpr > > 8055 -r-sr-sr-x 1 root daemon 22668 Apr 16=20 > 09:02:20 2001 /usr/bin/lprm > > 7945 -r-sr-xr-x 1 man wheel 28512 Apr 16 08:57:50=20 > 2001 /usr/bin/man > > 8636 -r-xr-sr-x 1 root kmem 85648 Apr 16 09:01:16 2001=20 > /usr/bin/netstat > > 8635 -r-xr-sr-x 1 root kmem 9936 Apr 16 09:01:17 2001=20 > /usr/bin/nfsstat > > 8646 -r-sr-xr-x 2 root wheel 26660 Apr 16 09:01:18 2001=20 > /usr/bin/passwd > > 8651 -r-sr-xr-x 1 root wheel 10440 Apr 16 09:01:19 2001=20 > /usr/bin/quota > > 8650 -r-sr-xr-x 1 root wheel 10216 Apr 16 09:01:20 2001=20 > /usr/bin/rlogin > > 8014 -r-sr-xr-x 1 root wheel 7584 Apr 16=20 > 09:01:21 2001 /usr/bin/rsh > > 8658 -r-sr-xr-x 1 root wheel 8168 Apr 16=20 > 09:01:22 2001 /usr/bin/su > > 8668 -r-xr-sr-x 1 root kmem 56144 Apr 16=20 > 09:01:23 2001 /usr/bin/systat > > 8679 -r-xr-sr-x 1 root kmem 32344 Apr 16=20 > 09:01:24 2001 /usr/bin/top > > 8520 -r-sr-xr-x 1 uucp wheel 88228 Apr 16 08:57:09=20 > 2001 /usr/bin/uucp > > 8524 -r-sr-xr-x 1 uucp wheel 37312 Apr 16 08:57:09=20 > 2001 /usr/bin/uuname > > 8033 -r-sr-sr-x 1 uucp dialer 96752 Apr 16 08:57:10=20 > 2001 /usr/bin/uustat > > 8525 -r-sr-xr-x 1 uucp wheel 88844 Apr 16 08:57:10=20 > 2001 /usr/bin/uux > > 8700 -r-xr-sr-x 1 root kmem 16368 Apr 16=20 > 09:01:29 2001 /usr/bin/vmstat > > 8699 -r-xr-sr-x 1 root tty 9040 Apr 16=20 > 09:01:29 2001 /usr/bin/wall > > 8712 -r-xr-sr-x 1 root tty 7500 Apr 16=20 > 09:01:31 2001 /usr/bin/write > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/ypchfn > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/ypchpass > > 7994 -r-sr-xr-x 6 root wheel 32280 Apr 16 09:00:57 2001=20 > /usr/bin/ypchsh > > 8646 -r-sr-xr-x 2 root wheel 26660 Apr 16 09:01:18 2001=20 > /usr/bin/yppasswd > > 540243 -r-xr-sr-x 1 root games 7176 Apr 16 08:56:47=20 > 2001 /usr/games/dm > > 1270174 -r-sr-xr-x 1 root wheel 398740 Apr 16=20 > 09:02:22 2001 /usr/libexec/sendmail/sendmail > > 1286177 -r-sr-sr-x 1 uucp dialer 220704 Apr 16=20 > 08:57:08 2001 /usr/libexec/uucp/uucico > > 1286178 -r-sr-s--- 1 uucp uucp 99584 Apr 16=20 > 08:57:10 2001 /usr/libexec/uucp/uuxqt > 60,73c59,72 > < 1301549 -r-xr-sr-x 1 root kmem 4664 Nov 20=20 > 14:02:28 2000 /usr/sbin/ifmcstat > < 1301551 -r-xr-sr-x 1 root kmem 9608 Nov 20 14:02:28=20 > 2000 /usr/sbin/iostat > < 1301663 -r-xr-sr-x 1 root daemon 27028 Nov 20 14:02:48=20 > 2000 /usr/sbin/lpc > < 1301569 -r-sr-xr-x 1 root wheel 16348 Nov 20 14:02:30=20 > 2000 /usr/sbin/mrinfo > < 1301571 -r-sr-xr-x 1 root wheel 29896 Nov 20 14:02:33=20 > 2000 /usr/sbin/mtrace > < 1301706 -r-sr-xr-- 1 root network 283624 Nov 20 14:02:39=20 > 2000 /usr/sbin/ppp > < 1301707 -r-sr-xr-x 1 root wheel 95580 Nov 20 14:02:39=20 > 2000 /usr/sbin/pppd > < 1301605 -r-xr-sr-x 2 root kmem 14584 Nov 20 14:02:39=20 > 2000 /usr/sbin/pstat > < 1301627 -r-sr-x--- 1 root network 10984 Nov 20 14:02:42=20 > 2000 /usr/sbin/sliplogin > < 1301605 -r-xr-sr-x 2 root kmem 14584 Nov 20 14:02:39=20 > 2000 /usr/sbin/swapinfo > < 1301635 -r-sr-xr-x 1 root wheel 15112 Nov 20 14:02:43=20 > 2000 /usr/sbin/timedc > < 1301636 -r-sr-xr-x 1 root wheel 13168 Nov 20 14:02:44=20 > 2000 /usr/sbin/traceroute > < 1301637 -r-sr-xr-x 1 root bin 14952 Nov 20 14:02:44=20 > 2000 /usr/sbin/traceroute6 > < 1301638 -r-xr-sr-x 1 root kmem 8040 Nov 20 14:02:44=20 > 2000 /usr/sbin/trpt > --- > > 1302170 -r-xr-sr-x 1 root kmem 4664 Apr 16=20 > 09:01:49 2001 /usr/sbin/ifmcstat > > 1302162 -r-xr-sr-x 1 root kmem 9608 Apr 16=20 > 09:01:50 2001 /usr/sbin/iostat > > 1301571 -r-xr-sr-x 1 root daemon 30196 Apr 16 09:02:19=20 > 2001 /usr/sbin/lpc > > 1302184 -r-sr-xr-x 1 root wheel 16348 Apr 16=20 > 09:01:54 2001 /usr/sbin/mrinfo > > 1302192 -r-sr-xr-x 1 root wheel 29896 Apr 16 09:01:54=20 > 2001 /usr/sbin/mtrace > > 1302227 -r-sr-xr-- 1 root network 295124 Apr 16 09:02:05=20 > 2001 /usr/sbin/ppp > > 1302222 -r-sr-xr-x 1 root wheel 95388 Apr 16 09:02:06=20 > 2001 /usr/sbin/pppd > > 1302233 -r-xr-sr-x 2 root kmem 14808 Apr 16 09:02:06=20 > 2001 /usr/sbin/pstat > > 1302249 -r-sr-x--- 1 root network 11112 Apr 16 09:02:10=20 > 2001 /usr/sbin/sliplogin > > 1302233 -r-xr-sr-x 2 root kmem 14808 Apr 16 09:02:06=20 > 2001 /usr/sbin/swapinfo > > 1302262 -r-sr-xr-x 1 root wheel 15112 Apr 16 09:02:12=20 > 2001 /usr/sbin/timedc > > 1302264 -r-sr-xr-x 1 root wheel 13168 Apr 16 09:02:12=20 > 2001 /usr/sbin/traceroute > > 1302258 -r-sr-xr-x 1 root bin 14952 Apr 16 09:02:12=20 > 2001 /usr/sbin/traceroute6 > > 1302265 -r-xr-sr-x 1 root kmem 8040 Apr 16 09:02:13=20 > 2001 /usr/sbin/trpt >=20 >=20 > freenix.everad.com changes in mounted filesystems: > 5d4 > < /dev/acd0c /cdrom cd9660 ro 0 0 >=20 >=20 > Checking for uids of 0: > root 0 > toor 0 >=20 >=20 > Checking for passwordless accounts: >=20 >=20 =20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message