Date: Mon, 16 Aug 2004 12:28:20 -0500 From: "James A. Coulter" <jacoulter@jacoulter.net> To: freebsd-questions@freebsd.org Cc: Volker Kindermann <ml@ps102.de> Subject: Re: Security question - uids of 0 Message-ID: <20040816172820.GA4109@sara.mshome.net> In-Reply-To: <20040816170151.789d86c6@ariel.office.volker.de> References: <20040816145737.GA3924@sara.mshome.net> <20040816170151.789d86c6@ariel.office.volker.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 16, 2004 at 05:01:51PM +0200, Volker Kindermann wrote: > Hi James, > > > > The following appeared in my latest daily security run output: > > > > Checking for uids of 0: > > root 0 > > toor 0 > > > > This is the first time I've seen this message. > > > > I checked /etc/passwd and found this: > > > > root:*:0:0:Charlie &:/root:/bin/csh > > toor:*:0:0:Bourne-again Superuser:/root: > > > > I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a > > small home LAN. > > > > I ran ps -aux and looked for any processes owned by "toor" but didn't > > find any. > > did you install bash? Normally, the bash from ports or packages will > install the "toor" account so you don't have to change root's shell. > > If you installed bash then there's nothing to worry about this entry. > If you don't need it, just use vipw and delete it. > > -volker Thank you Volker - I did install bash several weeks ago, so the sudden appearance of the message in my daily security run caught my attention. Thanks to everyone who sent the http://www.freebsd.org/doc/faq/security.html#TOOR-ACCOUNT link. Jim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040816172820.GA4109>