
Insecurity report setuid stuff



I received a report a couple of days ago that there were setuid/setgid 
changes to my system.  The listing was somewhat odd though (don't have it with 
me sadly).  Each file was listed twice with the exact same parameters 
across (same file size, same permissions including setuid/setgid bits, same 
name, etc.).  I checked these files against another system that I know is secure 
and md5 sums appear the same (but a rootkit could hide that in theory).  Any 
thoughts?  Why would the system send an insecurity report about files that 
haven't changed even though it thinks they have (but I have no clue how)?  Some 
of the files reported as changed were (postfix, xterm, several other X tools).  
I haven't recompiled anything within at least a week before the date the email 
was sent.  System appears to be fine but I don't trust it.  Any thoughts are 
appreciated.

Eric


