strange security run output
Hi all,
Today I saw this in my host's security run output: Code:
vpn-gateway setuid diffs: --- /var/log/setuid.today 2008-05-26 05:02:15.000000000 +0200 +++ /tmp/security.0L5p4t7k 2008-06-23 05:02:29.000000000 +0200 
@@ -1,46 +1,46 @@ -49737 -r-sr-xr-x 1 root wheel 18540 Feb 24 17:50:52 2008 /bin/rcp -16512 -r-sr-x--- 1 root operator 5256 Feb 24 17:51:42 2008 /sbin/mksnap_ffs -16528 -r-sr-xr-x 1 root wheel 23872 Feb 24 17:51:43 2008 /sbin/ping -16529 -r-sr-xr-x 1 root wheel 31196 Feb 24 17:51:43 2008 /sbin/ping6 -16544 -r-sr-x--- 1 root operator 10700 Feb 24 17:51:44 2008 /sbin/shutdown -1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 17:52:33 2008 /usr/bin/at -1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 17:52:33 2008 /usr/bin/atq -1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 17:52:33 2008 /usr/bin/atrm -1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 17:52:33 2008 /usr/bin/batch -1483886 -r-xr-sr-x 1 root kmem 9180 Feb 24 17:52:33 2008 /usr/bin/btsockstat -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/chfn -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/chpass -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/chsh -1484110 -r-sr-xr-x 1 root wheel 26092 Feb 24 17:52:57 2008 /usr/bin/crontab -1483934 -r-xr-sr-x 1 root kmem 15468 Feb 24 17:52:37 2008 /usr/bin/fstat -1483979 -r-sr-xr-x 1 root wheel 8296 Feb 24 17:52:42 2008 /usr/bin/lock -1483982 -r-sr-xr-x 1 root wheel 21556 Feb 24 17:52:42 2008 /usr/bin/login -1484114 -r-sr-sr-x 1 root daemon 25876 Feb 24 17:53:03 2008 /usr/bin/lpq -1484115 -r-sr-sr-x 1 root daemon 29368 Feb 24 17:53:03 2008 /usr/bin/lpr -1484116 -r-sr-sr-x 1 root daemon 24600 Feb 24 17:53:03 2008 /usr/bin/lprm -1484006 -r-xr-sr-x 1 root kmem 141832 Feb 24 17:52:44 2008 /usr/bin/netstat -1484014 -r-sr-xr-x 1 root wheel 4572 Feb 24 17:52:45 2008 /usr/bin/opieinfo -1484016 -r-sr-xr-x 1 root wheel 11652 Feb 24 17:52:45 2008 /usr/bin/opiepasswd -1484018 -r-sr-xr-x 2 root wheel 6020 Feb 24 17:52:45 2008 /usr/bin/passwd -1484029 -r-sr-xr-x 1 root wheel 10828 Feb 24 17:52:45 2008 /usr/bin/rlogin -1484033 -r-sr-xr-x 1 root wheel 8640 Feb 24 17:52:46 2008 /usr/bin/rsh -1484047 -r-sr-xr-x 1 root wheel 14472 Feb 24 
17:52:46 2008 /usr/bin/su -1484090 -r-xr-sr-x 1 root tty 11252 Feb 24 17:52:50 2008 /usr/bin/wall -1484098 -r-xr-sr-x 1 root tty 8708 Feb 24 17:52:50 2008 /usr/bin/write -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/ypchfn -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/ypchpass -1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 17:52:34 2008 /usr/bin/ypchsh -1484018 -r-sr-xr-x 2 root wheel 6020 Feb 24 17:52:45 2008 /usr/bin/yppasswd -1719312 -r-sr-xr-x 1 root wheel 3372 Feb 24 17:50:49 2008 /usr/libexec/pt_chown -1719355 -r-xr-sr-x 1 root smmsp 665464 Feb 24 17:53:13 2008 /usr/libexec/sendmail/sendmail -215785 -rwsr-xr-x 1 root wheel 20347 May 25 21:03:39 2008 /usr/local/bin/lppasswd -212610 -rwsr-xr-x 1 root wheel 303476 May 8 12:38:13 2008 /usr/local/bin/screen -1742879 -r-sr-sr-x 1 root authpf 18636 Feb 24 17:52:54 2008 /usr/sbin/authpf -1742959 -r-xr-sr-x 1 root daemon 46064 Feb 24 17:53:03 2008 /usr/sbin/lpc -1743020 -r-sr-x--- 1 root network 368516 Feb 24 17:53:09 2008 /usr/sbin/ppp -1743022 -r-sr-x--- 1 root dialer 117164 Feb 24 17:53:09 2008 /usr/sbin/pppd -1743057 -r-sr-x--- 1 root network 14332 Feb 24 17:53:14 2008 /usr/sbin/sliplogin -1743070 -r-sr-xr-x 1 root wheel 15596 Feb 24 17:53:15 2008 /usr/sbin/timedc -1743071 -r-sr-xr-x 1 root wheel 23404 Feb 24 17:53:15 2008 /usr/sbin/traceroute -1743072 -r-sr-xr-x 1 root wheel 18396 Feb 24 17:53:15 2008 /usr/sbin/traceroute6 -1743073 -r-xr-sr-x 1 root kmem 8644 Feb 24 17:53:15 2008 /usr/sbin/trpt +49737 -r-sr-xr-x 1 root wheel 18540 Feb 24 18:50:52 2008 /bin/rcp +16512 -r-sr-x--- 1 root operator 5256 Feb 24 18:51:42 2008 /sbin/mksnap_ffs +16528 -r-sr-xr-x 1 root wheel 23872 Feb 24 18:51:43 2008 /sbin/ping +16529 -r-sr-xr-x 1 root wheel 31196 Feb 24 18:51:43 2008 /sbin/ping6 +16544 -r-sr-x--- 1 root operator 10700 Feb 24 18:51:44 2008 /sbin/shutdown +1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 18:52:33 2008 /usr/bin/at +1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 
18:52:33 2008 /usr/bin/atq +1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 18:52:33 2008 /usr/bin/atrm +1483879 -r-sr-xr-x 4 root wheel 21520 Feb 24 18:52:33 2008 /usr/bin/batch +1483886 -r-xr-sr-x 1 root kmem 9180 Feb 24 18:52:33 2008 /usr/bin/btsockstat +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/chfn +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/chpass +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/chsh +1484110 -r-sr-xr-x 1 root wheel 26092 Feb 24 18:52:57 2008 /usr/bin/crontab +1483934 -r-xr-sr-x 1 root kmem 15468 Feb 24 18:52:37 2008 /usr/bin/fstat +1483979 -r-sr-xr-x 1 root wheel 8296 Feb 24 18:52:42 2008 /usr/bin/lock +1483982 -r-sr-xr-x 1 root wheel 21556 Feb 24 18:52:42 2008 /usr/bin/login +1484114 -r-sr-sr-x 1 root daemon 25876 Feb 24 18:53:03 2008 /usr/bin/lpq +1484115 -r-sr-sr-x 1 root daemon 29368 Feb 24 18:53:03 2008 /usr/bin/lpr +1484116 -r-sr-sr-x 1 root daemon 24600 Feb 24 18:53:03 2008 /usr/bin/lprm +1484006 -r-xr-sr-x 1 root kmem 141832 Feb 24 18:52:44 2008 /usr/bin/netstat +1484014 -r-sr-xr-x 1 root wheel 4572 Feb 24 18:52:45 2008 /usr/bin/opieinfo +1484016 -r-sr-xr-x 1 root wheel 11652 Feb 24 18:52:45 2008 /usr/bin/opiepasswd +1484018 -r-sr-xr-x 2 root wheel 6020 Feb 24 18:52:45 2008 /usr/bin/passwd +1484029 -r-sr-xr-x 1 root wheel 10828 Feb 24 18:52:45 2008 /usr/bin/rlogin +1484033 -r-sr-xr-x 1 root wheel 8640 Feb 24 18:52:46 2008 /usr/bin/rsh +1484047 -r-sr-xr-x 1 root wheel 14472 Feb 24 18:52:46 2008 /usr/bin/su +1484090 -r-xr-sr-x 1 root tty 11252 Feb 24 18:52:50 2008 /usr/bin/wall +1484098 -r-xr-sr-x 1 root tty 8708 Feb 24 18:52:50 2008 /usr/bin/write +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/ypchfn +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/ypchpass +1483901 -r-sr-xr-x 6 root wheel 18468 Feb 24 18:52:34 2008 /usr/bin/ypchsh +1484018 -r-sr-xr-x 2 root wheel 6020 Feb 24 18:52:45 2008 /usr/bin/yppasswd +1719312 -r-sr-xr-x 
1 root wheel 3372 Feb 24 18:50:49 2008 /usr/libexec/pt_chown +1719355 -r-xr-sr-x 1 root smmsp 665464 Feb 24 18:53:13 2008 /usr/libexec/sendmail/sendmail +215785 -rwsr-xr-x 1 root wheel 20347 May 25 23:03:39 2008 /usr/local/bin/lppasswd +212610 -rwsr-xr-x 1 root wheel 303476 May 8 14:38:13 2008 /usr/local/bin/screen +1742879 -r-sr-sr-x 1 root authpf 18636 Feb 24 18:52:54 2008 /usr/sbin/authpf +1742959 -r-xr-sr-x 1 root daemon 46064 Feb 24 18:53:03 2008 /usr/sbin/lpc +1743020 -r-sr-x--- 1 root network 368516 Feb 24 18:53:09 2008 /usr/sbin/ppp +1743022 -r-sr-x--- 1 root dialer 117164 Feb 24 18:53:09 2008 /usr/sbin/pppd +1743057 -r-sr-x--- 1 root network 14332 Feb 24 18:53:14 2008 /usr/sbin/sliplogin +1743070 -r-sr-xr-x 1 root wheel 15596 Feb 24 18:53:15 2008 /usr/sbin/timedc +1743071 -r-sr-xr-x 1 root wheel 23404 Feb 24 18:53:15 2008 /usr/sbin/traceroute +1743072 -r-sr-xr-x 1 root wheel 18396 Feb 24 18:53:15 2008 /usr/sbin/traceroute6 +1743073 -r-xr-sr-x 1 root kmem 8644 Feb 24 18:53:15 2008 /usr/sbin/trpt Thanks in advance! |
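Review bot: across the 46 entries of this hunk, each removed/added pair differs only in the hour of the modification time; inode, mode, link count, owner, group, size and path are identical in every pair. The Feb 24 entries move by one hour (17:50:52 to 18:50:52 for /bin/rcp) while the May entries move by two (12:38:13 to 14:38:13 for /usr/local/bin/screen), which is consistent with the listing being rendered in a different time zone between the two runs, not with replaced binaries. Worth confirming by checking whether the host's time zone setting changed between 2008-05-26 and 2008-06-23 and by comparing checksums of a few of these files against a known-good copy.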
Did you rebuild your userland?
To elaborate on that a bit, you're looking at a unified diff(1) in your security output.
It appears that a number of setuid/setgid binaries on your system have changed since the last time the periodic security scripts ran. As BSDfan666 asks, this could be related to rebuilding world.
__________________
Kill your t.v. |
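A triage sketch for the kind of setuid diff discussed above, added here as an example and not part of the original thread or of the periodic security scripts: it pairs removed and added entries by path and reports which fields changed, so timestamp-only differences can be separated from changes in inode, mode, owner or size. The entry layout is taken from the posted output; the function names and the `/constructed/...` lines are made up for illustration.

```python
import re

# One entry of the setuid listing as posted above:
# inode mode links owner group size "Mon DD HH:MM:SS YYYY" path
ENTRY = re.compile(
    r"^(?P<sign>[+-])(?P<inode>\d+)\s+(?P<mode>\S+)\s+(?P<links>\d+)\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<mtime>\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(?P<path>/\S+)$"
)
FIELDS = ("inode", "mode", "links", "owner", "group", "size", "mtime")
# Sample: rcp/screen pairs are from the post; /constructed/... lines are constructed.
SAMPLE = """\
--- /var/log/setuid.today 2008-05-26 05:02:15.000000000 +0200
+++ /tmp/security.0L5p4t7k 2008-06-23 05:02:29.000000000 +0200
@@ -1,3 +1,4 @@
-49737 -r-sr-xr-x 1 root wheel 18540 Feb 24 17:50:52 2008 /bin/rcp
-212610 -rwsr-xr-x 1 root wheel 303476 May 8 12:38:13 2008 /usr/local/bin/screen
-900001 -r-sr-xr-x 1 root wheel 1000 Jan 1 00:00:00 2008 /constructed/changed
+49737 -r-sr-xr-x 1 root wheel 18540 Feb 24 18:50:52 2008 /bin/rcp
+212610 -rwsr-xr-x 1 root wheel 303476 May 8 14:38:13 2008 /usr/local/bin/screen
+900002 -rwsr-xr-x 1 root wheel 2048 Jan 1 00:00:00 2008 /constructed/changed
+900003 -r-sr-xr-x 1 root wheel 512 Jan 1 00:00:00 2008 /constructed/new
"""

def classify(diff_text):
    """Map each path to the list of fields that differ between - and + lines."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # file headers, @@ lines and unchanged context
        (old if m["sign"] == "-" else new)[m["path"]] = m.groupdict()
    report = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report[path] = ["added"]
        elif path not in new:
            report[path] = ["removed"]
        else:
            report[path] = [f for f in FIELDS if old[path][f] != new[path][f]]
    return report

def needs_review(report):
    """Paths where something other than the displayed mtime changed."""
    return [p for p, changed in report.items() if set(changed) - {"mtime"}]

if __name__ == "__main__":
    for path, changed in classify(SAMPLE).items():
        print(path, changed)
```

An entry whose only changed field is `mtime` still deserves a checksum comparison before it is dismissed, since the listing carries no content hash.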
Quote:
As far as I know, I didn't compile userland lately. :s I thought it was maybe the work of a hacker, but I don't know why the permissions are still the same. Still, thanks though for your input, guys!
Quote:
That will be what is causing it, thanks man!