28th June 2008
deadeyes
strange security run output

Hi all,

Today I saw this in my host's security run output:
Code:
vpn-gateway setuid diffs:
--- /var/log/setuid.today       2008-05-26 05:02:15.000000000 +0200
+++ /tmp/security.0L5p4t7k      2008-06-23 05:02:29.000000000 +0200
@@ -1,46 +1,46 @@
-49737 -r-sr-xr-x  1 root  wheel      18540 Feb 24 17:50:52 2008 /bin/rcp
-16512 -r-sr-x---  1 root  operator    5256 Feb 24 17:51:42 2008 /sbin/mksnap_ffs
-16528 -r-sr-xr-x  1 root  wheel      23872 Feb 24 17:51:43 2008 /sbin/ping
-16529 -r-sr-xr-x  1 root  wheel      31196 Feb 24 17:51:43 2008 /sbin/ping6
-16544 -r-sr-x---  1 root  operator   10700 Feb 24 17:51:44 2008 /sbin/shutdown
-1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 17:52:33 2008 /usr/bin/at
-1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 17:52:33 2008 /usr/bin/atq
-1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 17:52:33 2008 /usr/bin/atrm
-1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 17:52:33 2008 /usr/bin/batch
-1483886 -r-xr-sr-x  1 root  kmem        9180 Feb 24 17:52:33 2008 /usr/bin/btsockstat
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/chfn
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/chpass
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/chsh
-1484110 -r-sr-xr-x  1 root  wheel     26092 Feb 24 17:52:57 2008 /usr/bin/crontab
-1483934 -r-xr-sr-x  1 root  kmem       15468 Feb 24 17:52:37 2008 /usr/bin/fstat
-1483979 -r-sr-xr-x  1 root  wheel       8296 Feb 24 17:52:42 2008 /usr/bin/lock
-1483982 -r-sr-xr-x  1 root  wheel      21556 Feb 24 17:52:42 2008 /usr/bin/login
-1484114 -r-sr-sr-x  1 root  daemon    25876 Feb 24 17:53:03 2008 /usr/bin/lpq
-1484115 -r-sr-sr-x  1 root  daemon    29368 Feb 24 17:53:03 2008 /usr/bin/lpr
-1484116 -r-sr-sr-x  1 root  daemon    24600 Feb 24 17:53:03 2008 /usr/bin/lprm
-1484006 -r-xr-sr-x  1 root  kmem      141832 Feb 24 17:52:44 2008 /usr/bin/netstat
-1484014 -r-sr-xr-x  1 root  wheel      4572 Feb 24 17:52:45 2008 /usr/bin/opieinfo
-1484016 -r-sr-xr-x  1 root  wheel     11652 Feb 24 17:52:45 2008 /usr/bin/opiepasswd
-1484018 -r-sr-xr-x  2 root  wheel      6020 Feb 24 17:52:45 2008 /usr/bin/passwd
-1484029 -r-sr-xr-x  1 root  wheel     10828 Feb 24 17:52:45 2008 /usr/bin/rlogin
-1484033 -r-sr-xr-x  1 root  wheel      8640 Feb 24 17:52:46 2008 /usr/bin/rsh
-1484047 -r-sr-xr-x  1 root  wheel     14472 Feb 24 17:52:46 2008 /usr/bin/su
-1484090 -r-xr-sr-x  1 root  tty       11252 Feb 24 17:52:50 2008 /usr/bin/wall
-1484098 -r-xr-sr-x  1 root  tty        8708 Feb 24 17:52:50 2008 /usr/bin/write
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/ypchfn
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/ypchpass
-1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 17:52:34 2008 /usr/bin/ypchsh
-1484018 -r-sr-xr-x  2 root  wheel      6020 Feb 24 17:52:45 2008 /usr/bin/yppasswd
-1719312 -r-sr-xr-x  1 root  wheel      3372 Feb 24 17:50:49 2008 /usr/libexec/pt_chown
-1719355 -r-xr-sr-x  1 root  smmsp    665464 Feb 24 17:53:13 2008 /usr/libexec/sendmail/sendmail
-215785 -rwsr-xr-x  1 root  wheel     20347 May 25 21:03:39 2008 /usr/local/bin/lppasswd
-212610 -rwsr-xr-x  1 root  wheel    303476 May  8 12:38:13 2008 /usr/local/bin/screen
-1742879 -r-sr-sr-x  1 root  authpf    18636 Feb 24 17:52:54 2008 /usr/sbin/authpf
-1742959 -r-xr-sr-x  1 root  daemon    46064 Feb 24 17:53:03 2008 /usr/sbin/lpc
-1743020 -r-sr-x---  1 root  network  368516 Feb 24 17:53:09 2008 /usr/sbin/ppp
-1743022 -r-sr-x---  1 root  dialer   117164 Feb 24 17:53:09 2008 /usr/sbin/pppd
-1743057 -r-sr-x---  1 root  network   14332 Feb 24 17:53:14 2008 /usr/sbin/sliplogin
-1743070 -r-sr-xr-x  1 root  wheel     15596 Feb 24 17:53:15 2008 /usr/sbin/timedc
-1743071 -r-sr-xr-x  1 root  wheel     23404 Feb 24 17:53:15 2008 /usr/sbin/traceroute
-1743072 -r-sr-xr-x  1 root  wheel     18396 Feb 24 17:53:15 2008 /usr/sbin/traceroute6
-1743073 -r-xr-sr-x  1 root  kmem       8644 Feb 24 17:53:15 2008 /usr/sbin/trpt
+49737 -r-sr-xr-x  1 root  wheel      18540 Feb 24 18:50:52 2008 /bin/rcp
+16512 -r-sr-x---  1 root  operator    5256 Feb 24 18:51:42 2008 /sbin/mksnap_ffs
+16528 -r-sr-xr-x  1 root  wheel      23872 Feb 24 18:51:43 2008 /sbin/ping
+16529 -r-sr-xr-x  1 root  wheel      31196 Feb 24 18:51:43 2008 /sbin/ping6
+16544 -r-sr-x---  1 root  operator   10700 Feb 24 18:51:44 2008 /sbin/shutdown
+1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 18:52:33 2008 /usr/bin/at
+1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 18:52:33 2008 /usr/bin/atq
+1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 18:52:33 2008 /usr/bin/atrm
+1483879 -r-sr-xr-x  4 root  wheel      21520 Feb 24 18:52:33 2008 /usr/bin/batch
+1483886 -r-xr-sr-x  1 root  kmem        9180 Feb 24 18:52:33 2008 /usr/bin/btsockstat
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/chfn
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/chpass
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/chsh
+1484110 -r-sr-xr-x  1 root  wheel     26092 Feb 24 18:52:57 2008 /usr/bin/crontab
+1483934 -r-xr-sr-x  1 root  kmem       15468 Feb 24 18:52:37 2008 /usr/bin/fstat
+1483979 -r-sr-xr-x  1 root  wheel       8296 Feb 24 18:52:42 2008 /usr/bin/lock
+1483982 -r-sr-xr-x  1 root  wheel      21556 Feb 24 18:52:42 2008 /usr/bin/login
+1484114 -r-sr-sr-x  1 root  daemon    25876 Feb 24 18:53:03 2008 /usr/bin/lpq
+1484115 -r-sr-sr-x  1 root  daemon    29368 Feb 24 18:53:03 2008 /usr/bin/lpr
+1484116 -r-sr-sr-x  1 root  daemon    24600 Feb 24 18:53:03 2008 /usr/bin/lprm
+1484006 -r-xr-sr-x  1 root  kmem      141832 Feb 24 18:52:44 2008 /usr/bin/netstat
+1484014 -r-sr-xr-x  1 root  wheel      4572 Feb 24 18:52:45 2008 /usr/bin/opieinfo
+1484016 -r-sr-xr-x  1 root  wheel     11652 Feb 24 18:52:45 2008 /usr/bin/opiepasswd
+1484018 -r-sr-xr-x  2 root  wheel      6020 Feb 24 18:52:45 2008 /usr/bin/passwd
+1484029 -r-sr-xr-x  1 root  wheel     10828 Feb 24 18:52:45 2008 /usr/bin/rlogin
+1484033 -r-sr-xr-x  1 root  wheel      8640 Feb 24 18:52:46 2008 /usr/bin/rsh
+1484047 -r-sr-xr-x  1 root  wheel     14472 Feb 24 18:52:46 2008 /usr/bin/su
+1484090 -r-xr-sr-x  1 root  tty       11252 Feb 24 18:52:50 2008 /usr/bin/wall
+1484098 -r-xr-sr-x  1 root  tty        8708 Feb 24 18:52:50 2008 /usr/bin/write
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/ypchfn
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/ypchpass
+1483901 -r-sr-xr-x  6 root  wheel      18468 Feb 24 18:52:34 2008 /usr/bin/ypchsh
+1484018 -r-sr-xr-x  2 root  wheel      6020 Feb 24 18:52:45 2008 /usr/bin/yppasswd
+1719312 -r-sr-xr-x  1 root  wheel      3372 Feb 24 18:50:49 2008 /usr/libexec/pt_chown
+1719355 -r-xr-sr-x  1 root  smmsp    665464 Feb 24 18:53:13 2008 /usr/libexec/sendmail/sendmail
+215785 -rwsr-xr-x  1 root  wheel     20347 May 25 23:03:39 2008 /usr/local/bin/lppasswd
+212610 -rwsr-xr-x  1 root  wheel    303476 May  8 14:38:13 2008 /usr/local/bin/screen
+1742879 -r-sr-sr-x  1 root  authpf    18636 Feb 24 18:52:54 2008 /usr/sbin/authpf
+1742959 -r-xr-sr-x  1 root  daemon    46064 Feb 24 18:53:03 2008 /usr/sbin/lpc
+1743020 -r-sr-x---  1 root  network  368516 Feb 24 18:53:09 2008 /usr/sbin/ppp
+1743022 -r-sr-x---  1 root  dialer   117164 Feb 24 18:53:09 2008 /usr/sbin/pppd
+1743057 -r-sr-x---  1 root  network   14332 Feb 24 18:53:14 2008 /usr/sbin/sliplogin
+1743070 -r-sr-xr-x  1 root  wheel     15596 Feb 24 18:53:15 2008 /usr/sbin/timedc
+1743071 -r-sr-xr-x  1 root  wheel     23404 Feb 24 18:53:15 2008 /usr/sbin/traceroute
+1743072 -r-sr-xr-x  1 root  wheel     18396 Feb 24 18:53:15 2008 /usr/sbin/traceroute6
+1743073 -r-xr-sr-x  1 root  kmem       8644 Feb 24 18:53:15 2008 /usr/sbin/trpt
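
Review bot: every removed line in this hunk comes back as an added line with the same inode, mode, link count, owner, group, size and path, and the only field that differs is the hour of the modification time, so the report flags all 46 entries although no setuid/setgid file was added, removed or altered in permissions or size. The shift is +1 hour on the Feb 24 entries (17:50:52 to 18:50:52 on /bin/rcp) and +2 hours on the two May entries (/usr/local/bin/lppasswd 21:03:39 to 23:03:39, /usr/local/bin/screen 12:38:13 to 14:38:13), which is the pattern a change in the timezone used to print mtimes produces, not one from the files being rewritten. Suggest checking whether the host's timezone setting changed between the 2008-05-26 and 2008-06-23 runs, and comparing the listings with the time column ignored to confirm nothing else differs.
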
I never saw it before and I wonder what this could mean and what it is causing... it seems like nothing has been changed.

Thanks in advance!