Date: Thu, 28 Jan 1999 00:17:30 +0100 From: "laurens van alphen" <lva@dds.nl> To: <freebsd-security@FreeBSD.ORG> Subject: Security breach or VM flaw? (security check output) Message-ID: <000601be4a4b$360dcfb0$ac1010ac@cow.craxx.com>
next in thread | raw e-mail | index | archive | help
Hiya folks, This mornin' i received this daily security check output: (of course, hostnames have been changes, dates/sizes have not) <host> setuid diffs: 40c40 < -r-xr-s--- 1 bin kmem 49152 Jul 22 10:14:47 1998 /usr/bin/netstat --- > -r-xr-s--- 1 bin kmem 49152 Jan 28 02:30:23 1999 /usr/bin/netstat Is seems as if netstat has adopted the time at which it was executed. Now, we feel this system is pretty secure and nothing, other than this, has indicated a breach. This system (FreeBSD 2.2.7-RELEASE) is our main webserver with only a very limited amount of accounts (staff plus a few well known users). It's running: apache-1.3.4, xinetd, telnet, cucipop-1.31, ssh-1.2.26, sendmail-8.9.1a (as non-root), mysql-3.22.14b-gamma and since a day or two: 'big brother' - a network/system monitor with a non-root daemon. Thanks for all your input. Cheers, -- laurens van alphen, craxx alphen@craxx.com, http://craxx.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000601be4a4b$360dcfb0$ac1010ac>