From owner-freebsd-questions  Thu Jan 30 00:19:10 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id AAA27570
          for questions-outgoing; Thu, 30 Jan 1997 00:19:10 -0800 (PST)
Received: from radford.i-plus.net (root@Radford.i-Plus.net [206.99.237.6])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA27562
          for <freebsd-questions@freebsd.org>; Thu, 30 Jan 1997 00:19:05 -0800 (PST)
Received: (from rewt@localhost) by radford.i-plus.net (8.8.3/8.8.3) id DAA05251; Thu, 30 Jan 1997 03:18:17 -0500 (EST)
Date: Thu, 30 Jan 1997 03:18:16 -0500 (EST)
From: ## Troy Settle <rewt@i-plus.net>
To: freebsd-questions@freebsd.org
Subject: My security check output (fwd)
Message-ID: <Pine.BSF.3.91.970130031456.5227A-100000@radford.i-plus.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Can anyone explain this to me?  I'm confused as to what the differences 
are in these files.  have I been hacked?  I don't see anything suspicious 
in my logs, or anywhere else.  but, these suid files show up as being 
different.  Am I missing something?

ugh... it's too damn early in the morning... (late at night?  who knows)


Troy Settle <st@i-Plus.net>
Network Administrator
i-Plus Internet Services
http://www.i-Plus.net

---------- Forwarded message ----------
Date: Thu, 30 Jan 1997 02:00:02 -0500 (EST)
From: Charlie Root <root@i-plus.net>
Subject: Radford security check output

checking setuid files and devices:
find: /home/.1/pitlord/www/sounds/built this city.mid: illegal path
Radford setuid diffs:
77,80d80
< -r-xr-sr-x  1 bin   kmem     12288 Nov 24 18:11:24 1996 /usr/sbin/slstat
< -r-xr-sr-x  2 bin   kmem     20480 Nov 24 18:11:14 1996 /usr/sbin/swapinfo
< -r-sr-xr-x  1 root  bin      20480 Nov 24 18:11:31 1996 /usr/sbin/timedc
< -r-sr-xr-x  1 root  bin      16384 Nov 24 18:11:31 1996 /usr/sbin/traceroute
88a89,92
> -r-xr-sr-x  1 bin   kmem     12288 Nov 24 18:11:24 1996 /usr/sbin/slstat
> -r-xr-sr-x  2 bin   kmem     20480 Nov 24 18:11:14 1996 /usr/sbin/swapinfo
> -r-sr-xr-x  1 root  bin      20480 Nov 24 18:11:31 1996 /usr/sbin/timedc
> -r-sr-xr-x  1 root  bin      16384 Nov 24 18:11:31 1996 /usr/sbin/traceroute


checking for uids of 0:
root 0
toor 0