wheel group missing in group file

#1 nikolajg (New User), 9th June 2012

Hi,

I'm using:

FreeBSD xxx.xxx.xxx 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

To my surprise I saw that the "wheel" group was missing:

wheel:*:0:root,my-username

Beforehand I've updated the ports with:

# csup -L 2 -h cvsup.dk.freebsd.org /usr/share/examples/cvsup/ports-supfile

and then ran:

# /usr/local/sbin/pkgdb -F
# /usr/local/sbin/portsdb -Uu
# portupgrade -aP

I'm a bit skeptical about this - could someone please comment on that?

Thanks.


Nikolaj G.

#2 J65nko (Administrator), 11th June 2012

I also don't understand how a portupgrade would wipe out the wheel group from /etc/group
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#3 nikolajg (New User), 17th June 2012

Hi J65nko, what are the effects of the wheel group missing - I mean, is it of interest for an intruder? Thanks. Nikolaj G.

#4 liquidshane (New User), 20th June 2012

I personally can't imagine any way missing the wheel group could be exploited. There are a fair amount of Linux systems that come with wheel inactive, from my understanding.

This was from a standard FreeBSD iso I imagine? If you can point me to the exact iso you used I'd be happy to download it and attempt a few runs on it myself to see if I can recreate.

#5 liquidshane (New User), 20th June 2012

Scratch that, I'm just gonna try with the disc and the DVD release; I have them available. Will see if the same thing happens for me.

#6 liquidshane (New User), 20th June 2012

Following your instructions and recreating your steps with FreeBSD 9 amd64 with three copied images on KVM, I was unable to recreate a scenario where the wheel group was removed from the system.

I know that's not helpful, but it means that something else is missing. If you can look through bash history or anything else to determine what else might have been done or changed, or if you can get a timestamp for when the wheel group was removed, it may help to shed light. Otherwise I can't pretend to know more.
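
A read-only check that fits the troubleshooting in post #6, added here as an example and not written by anyone in the thread: it parses a group(5)-format file, reports whether a wheel entry with gid 0 exists and who its members are, and goes one step beyond the thread by also flagging any other group name mapped to gid 0. The function names, the output labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a group(5)-format file for the wheel entry.
# Line format: name:password:gid:member,member,...

check_wheel() {
    # $1 = path to a group file (on a live system this would be /etc/group)
    awk -F: '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == "wheel" {
            seen = 1
            if ($3 != "0") { printf "BAD_GID wheel has gid %s\n", $3; bad = 1 }
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") printf "MEMBER %s\n", m[i]
            next
        }
        $3 == "0" { printf "EXTRA_GID0 %s\n", $1; bad = 1 }   # other name on gid 0
        END {
            if (!seen) { print "MISSING wheel"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample files (not taken from the system in the thread).
write_samples() {
    # $1 = directory to write the samples into
    printf '%s\n' '# constructed sample' 'wheel:*:0:root,alice' \
        'daemon:*:1:' 'operator:*:5:root' > "$1/group.good"
    printf '%s\n' '# constructed sample' 'daemon:*:1:' \
        'operator:*:5:root' > "$1/group.nowheel"
    printf '%s\n' 'wheel:*:0:root' 'staff:*:0:bob' > "$1/group.dup"
}

# Demo run: exit status 0 = wheel present and sane, 1 = anomaly, 2 = wheel missing.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in group.good group.nowheel group.dup; do
    echo "== $f"
    check_wheel "$tmp/$f" || echo "exit status $?"
done
rm -rf "$tmp"
```

Running the same function against a saved copy of the group file and against the current one shows which of the two states a change moved the system into.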

#7 nikolajg (New User), 5th October 2012

Hi Liquidshane, sorry for the late answer. I bought 10 security books which I'm currently going through. I made a reinstall. Only ssh with private key is open now. Thanks for the effort.