OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: AW: [suse-security] secchk package / stopping john / help!
From: alex medvedev (alexmpycckue.org)
Date: Mon Feb 14 2000 - 09:06:36 CST

hi,

i do not believe that i run any of the scripts you mentioned, but
i experience exactly same symptoms with xterm since some time ago --> only
root can run it (xterm permissions are -rwsr-xr-x 1 root root )
bye,

-alexm

On Mon, 14 Feb 2000, Michael Balzer wrote:

> hi petri,
>
> > process of john was left in a curious limbo state. Did you update your
> > system while in simgle user mode, didn't you.
> > Well doing security while online with multiple users online
> > is not good
> > practise.
>
> marc's secchk scripts are started automatically daily,
> weekly and monthly. they are not supposed to change any vital
> settings, but only to check for and report potential problems.
>
> > It seems the files have been tampered with. This might also
> > result from
> > an unclean shutdown leaving some or all filesystems mounted read/write
> > while rebooting.
> >
> > Have you considered this behavior being created by some part of
> > filesystem activity. It might well happen if you tried to kill some
> > 'child' which was for example doing write operations to unreachable
> > filesystem part ( which by the way turned unwriteable by the security
> > scripts for example ). The parent might just had being 'retrying' for
> > the critical write operation.
>
> how would this explain that everything's running fine
> when logged in as root?

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com