From: dick hoogendijk
To: David Robillard
Cc: freebsd-questions
Date: Tue, 29 Aug 2006 09:40:55 +0200
Subject: Re: Fw: lothlorien.nagual.nl security run output
Message-ID: <20060829074055.GA7576@lothlorien.nagual.nl>

On 28 Aug David Robillard wrote:

> Did you reinstall the entire OS _before_ you installed Osiris? Did you
> find out why your SUID files had changed in the first place?

No. I did a "diff" with the same files on other freebsd-6.1 machines
which I'm absolutely certain are not compromised. The files were exactly
the same. I use the same port collections and always portupgrade the
machines at the same time.
So I'm quite sure it must have been some software packages that changed
the suid bit. It's too much work to find out exactly which ones, given
the fact it's not that important after all.

> If not, then your base Osiris database might contain already
> compromised software. Which makes Osiris useless...

I know..

> >Use the default configuration for this OS (yes/no) yes
> >  >>> configuration (default.freebsd) has been pushed
> >
> >Nothing happens.. (as it seems..)

> I had the same problem with FreeBSD 5.3 and then moved to 6.1 which
> cleared this problem. I suspect it has to do with network timeouts that
> have been changed via sysctl.conf(5). Have you done any modifications to
> your sysctl.conf file?

I run 6.1 so it's weird that nothing happens..
I did not change a thing in sysctl.conf except for some hw.snd settings.
They can't be blamed I suppose ;-)
Maybe you have some clues.

-- 
dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 6.1 +++ The Power to Serve
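
The cross-host check discussed in this message (comparing a host's setuid files with those on machines believed clean before trusting a baseline), as an added example that is not part of the original post or of Osiris. The function names and the sample manifests are assumptions made for illustration; the digests are constructed, not real file hashes.

```python
import hashlib
import os
import stat

def suid_manifest(root):
    """Return {relative path: (mode, sha256)} for setuid/setgid regular files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished while walking
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # still listed, so the file is not silently dropped
            manifest[os.path.relpath(path, root)] = (oct(stat.S_IMODE(st.st_mode)), digest)
    return manifest

def compare(reference, local):
    """List (kind, path) differences between a trusted reference manifest and the local one."""
    findings = []
    for path in sorted(set(reference) | set(local)):
        ref, loc = reference.get(path), local.get(path)
        if ref is None:
            findings.append(("only-local", path))
        elif loc is None:
            findings.append(("only-reference", path))
        else:
            if ref[0] != loc[0]:
                findings.append(("mode-differs", path))
            if ref[1] != loc[1]:
                findings.append(("content-differs", path))
    return findings

# Constructed sample manifests (made-up digests), standing in for two hosts.
REFERENCE = {"usr/bin/passwd": ("0o4555", "aa" * 32), "usr/bin/su": ("0o4555", "bb" * 32)}
LOCAL = {"usr/bin/passwd": ("0o4555", "aa" * 32), "usr/bin/su": ("0o4555", "cc" * 32),
         "usr/local/bin/example": ("0o4555", "dd" * 32)}

if __name__ == "__main__":
    for kind, path in compare(REFERENCE, LOCAL):
        print(kind, path)
```

An empty result from `compare` only says the two hosts agree; it is meaningful to the extent that the reference host is itself trusted.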