Hello

I was performing a routine security audit using:

find / -user root -perm -4000 -print

which found these peculiar files:

/usr/athena/bin/su
/usr/athena/bin/otp
/usr/athena/bin/rcp
/usr/athena/bin/rsh
/usr/athena/bin/rlogin

upon greater inspection this is most troubling:

-rws--x--x 1 root root 108416 May 4 19:52 /usr/athena/bin/su
-rws--x--x 1 root root 105640 May 4 19:52 /usr/athena/bin/otp
-rws--x--x 1 root root 95840 May 4 19:52 /usr/athena/bin/rlogin

Are these part of a normal gentoo system running hardened, or is it
time to re-install this machine?

James

--
gentoo-user@g.o mailing list