| 1 |
n 7/12/06, James <wireless@×××××××××××.com> wrote: |
| 2 |
> |
| 3 |
> Hello |
| 4 |
> |
| 5 |
> I was performing a routine security audit using: |
| 6 |
> |
| 7 |
> find / -user root -perm -4000 -print |
| 8 |
> |
| 9 |
> which found these peculiar files: |
| 10 |
> |
| 11 |
> /usr/athena/bin/su |
| 12 |
> /usr/athena/bin/otp |
| 13 |
> /usr/athena/bin/rcp |
| 14 |
> /usr/athena/bin/rsh |
| 15 |
> /usr/athena/bin/rlogin |
| 16 |
> |
| 17 |
> |
| 18 |
> upon greater inspection this is most troubling: |
| 19 |
> |
| 20 |
> -rws--x--x 1 root root 108416 May 4 19:52 /usr/athena/bin/su |
| 21 |
> -rws--x--x 1 root root 105640 May 4 19:52 /usr/athena/bin/otp |
| 22 |
> -rws--x--x 1 root root 95840 May 4 19:52 /usr/athena/bin/rlogin |
| 23 |
> |
| 24 |
> |
| 25 |
> Are these part of a normal gentoo system running hardened, or is it |
| 26 |
> time to re-install this machine? |
| 27 |
> |
| 28 |
> |
| 29 |
> James |
| 30 |
> |
| 31 |
> |
| 32 |
> |
| 33 |
> |
| 34 |
> -- |
| 35 |
> gentoo-user@g.o mailing list |
| 36 |
> |
| 37 |
> |
| 38 |
Not normal. I use hardened on two seperate servers and don't have those |
| 39 |
files. |
| 40 |
|
| 41 |
-- |
| 42 |
- Mark Shields |
Archives