Date: Wed, 10 May 2000 13:56:29 -0500 (CDT)
From: Mike Silbersack
To: Peter van Dijk
Cc: security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
In-Reply-To: <20000509150609.L42267@vuurwerk.nl>

On Tue, 9 May 2000, Peter van Dijk wrote:

> [snip]
>
> Backup passwd and group files:
> envy.vuurwerk.nl passwd diffs:
> 3c3
> < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> ---
> > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> [snip]
>
> This line needed some thinking from me until I realized that it was trying
> to tell me the root password changed (which I already knew, of course). Could
> this be made more obvious, something like (password1) in the top one and
> (password2) in the bottom one?

This just got me thinking... are .ssh/authorized_keys files checked for
changes by the security scripts? I know I probably wouldn't notice for a
long while if someone had modified mine, all the time during which someone
could be playing around on the box.

Mike "Silby" Silbersack
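
One way to run the check asked about above, in the style of the quoted passwd diff report. This is an added example, not part of the original mail and not FreeBSD's own security script. The function name, the baseline directory layout and the sample keys are assumptions, and only the default .ssh/authorized_keys path is examined.

```shell
#!/bin/sh
# check_authorized_keys BACKUP_DIR HOME_DIR...
# Compares each HOME_DIR/.ssh/authorized_keys with the copy saved on the
# previous run. Returns 0 if nothing changed, 1 if anything did, 2 on error.
# Public keys are not secret, so unlike the masked passwd hash the diff can
# be printed in full.
check_authorized_keys() {
    backup_dir=$1; shift
    changed=0
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" || return 2
    for home in "$@"; do
        user=$(basename "$home")
        cur="$home/.ssh/authorized_keys"
        bak="$backup_dir/$user.authorized_keys"   # assumed baseline layout
        if [ -f "$cur" ] && [ ! -f "$bak" ]; then
            echo "$user: new authorized_keys file"
            changed=1
        elif [ ! -f "$cur" ] && [ -f "$bak" ]; then
            echo "$user: authorized_keys removed"
            changed=1
        elif [ -f "$cur" ] && ! cmp -s "$bak" "$cur"; then
            echo "$user: authorized_keys diffs:"
            diff "$bak" "$cur" || true   # diff exits 1 when files differ
            changed=1
        fi
        # Refresh the baseline so each change is reported once.
        if [ -f "$cur" ]; then cp "$cur" "$bak"; else rm -f "$bak"; fi
    done
    return "$changed"
}

# Constructed demo: a fake home directory and made-up keys under a temp dir.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/.ssh"
echo "ssh-rsa AAAAconstructed1 alice@laptop" > "$demo/home/alice/.ssh/authorized_keys"
check_authorized_keys "$demo/backup" "$demo/home/alice" || true   # records baseline
echo "ssh-rsa AAAAconstructed2 unknown@elsewhere" >> "$demo/home/alice/.ssh/authorized_keys"
check_authorized_keys "$demo/backup" "$demo/home/alice" || true   # reports the added key
rm -rf "$demo"
```

The first run reports every existing file as new while it records the baseline; later runs report only what changed since the previous one.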