On 7/12/06, James <wireless@×××××××××××.com> wrote:
>
> Hello
>
> I was performing a routine security audit using:
>
> find / -user root -perm -4000 -print
>
> which found these peculiar files:
>
> /usr/athena/bin/su
> /usr/athena/bin/otp
> /usr/athena/bin/rcp
> /usr/athena/bin/rsh
> /usr/athena/bin/rlogin
>
>
> upon greater inspection this is most troubling:
>
> -rws--x--x 1 root root 108416 May 4 19:52 /usr/athena/bin/su
> -rws--x--x 1 root root 105640 May 4 19:52 /usr/athena/bin/otp
> -rws--x--x 1 root root 95840 May 4 19:52 /usr/athena/bin/rlogin
>
>
> Are these part of a normal gentoo system running hardened, or is it
> time to re-install this machine?
>
>
> James
>
> --
> gentoo-user@g.o mailing list
>
Not normal. I use hardened on two separate servers and don't have those
files.

--
- Mark Shields
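
One way to make the audit command quoted above repeatable is to compare its output against a reviewed baseline of expected setuid files, so that new entries stand out. This is an added example, not part of the original thread; the helper names suid_scan and suid_unexpected, the baseline file format (one absolute path per line) and the use of -xdev and -type f are assumptions.

```shell
#!/bin/sh
# Added example: flag setuid files that are not in a reviewed baseline.
# suid_scan and suid_unexpected are hypothetical helper names.

# List setuid regular files under ROOT owned by OWNER (default: root).
# Same predicates as the audit command in the thread, plus -xdev to stay
# on one filesystem and -type f to skip directories. Output is sorted
# so it can be fed to comm(1).
suid_scan() {
    root=$1
    owner=${2:-root}
    find "$root" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Print setuid files found under ROOT that are absent from BASELINE.
# BASELINE holds one absolute path per line, reviewed by an administrator.
suid_unexpected() {
    baseline=$1
    root=$2
    owner=${3:-root}
    sorted=$(mktemp) || return 1
    current=$(mktemp) || { rm -f "$sorted"; return 1; }
    LC_ALL=C sort -u "$baseline" > "$sorted"
    suid_scan "$root" "$owner" > "$current"
    # comm -13 keeps lines that appear only in the second file,
    # i.e. files on disk that the baseline does not list.
    LC_ALL=C comm -13 "$sorted" "$current"
    rm -f "$sorted" "$current"
}

# Typical use (baseline path is a placeholder):
#   suid_scan / > /root/suid.baseline        # after a known-good install
#   suid_unexpected /root/suid.baseline /    # on later audits
```

Any path this prints should be traced back to the package that installed it before deciding whether it is expected.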