RE: [suse-security] Weekly-check: Is this normal ?

From: Mario Neubert (mario_neubertgmx.de)
Date: Sun Apr 13 2003 - 23:37:40 CDT


Hello Gunther

Yes, this is normal because the security-script runs a find for files and
uses it as input into ls(1) or whatever. What happens when
you get empty input? By default the ls lists the current working
directory and therefore this output. See /usr/lib/secchk/security~ekly.sh
line ~ 90-124.

cu mario

> -----Original Message-----
> From: Gunther Stammwitz [mailto:gstammwgmx.net]
> Sent: Monday, April 14, 2003 1:09 AM
> To: suse-securitysuse.com
> Subject: [suse-security] Weekly-check: Is this normal ?
>
>
> Hello List,
>
>
> I've just received the weekly-check-report from one of my
> servers running
> suse 8.0
> There's a very annoying message because a file called "." has
> been changed.
>
> Do you think this is normal or did a hacker start installing
> rootkits ?
>
> Greetings,
> Gunther
>
>
> SuSE weekly security check v2.0 by Marc Heuse <marcsuse.de>
> This is an
> automated mail by the seccheck tool. If you want to disable
> this service,
> just type "mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save".
>
> DISCLAIMER
>
> Please note that these security checks are neither complete
> nor reliable.
> Any attacker with proper experience and root access to your system can
> deceive *any* security check!
>
> [..]
>
> Please check and perhaps disable the following unused accounts:
>
> The following files are suid/sgid:
> - drwx------ 7 root root 4096 Tue Dec 31
> 15:28:17 2002 .
> + drwx------ 7 root root 4096 Sat Apr 12
> 15:30:15 2003 .
>
> The following program executables are group/world writeable:
> - drwx------ 7 root root 4096 Tue Dec 31
> 15:28:17 2002 .
> + drwx------ 7 root root 4096 Sat Apr 12
> 15:30:15 2003 .
>
> The following devices were added:
> - drwx------ root root 4096 Dec
> + drwx------ root root 4096 Apr
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-helpsuse.com
> Security-related bug reports go to securitysuse.de, not here
>

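The empty-input behaviour described in the reply above, reproduced as an added example; it is not part of the original thread and not the code of the seccheck script. The function names, the world-writable test and the sample directory are constructed for illustration, and the guarded variant is one way to keep the spurious "." entry out of the report.

```shell
#!/bin/sh
# Added example (constructed): reproduces the empty-input behaviour from the
# thread. It is not the code of the seccheck script.

# Unguarded pattern: find's result becomes the operand list of ls.
# When find matches nothing, ls gets no operands and falls back to ".".
list_unguarded() {
    ( cd "$1" && ls -ld $(find . -type f -perm -0002) )
}

# Guarded pattern: find invokes ls itself, and only if something matched.
list_guarded() {
    ( cd "$1" && find . -type f -perm -0002 -exec ls -ld {} + )
}

# Mimic two weekly runs: list, let the directory mtime change, list again,
# and print the old/new listings as -/+ lines (nothing when they are equal).
weekly_diff() {
    lister=$1 dir=$2
    touch -t 200212311528 "$dir"; old=$("$lister" "$dir")
    touch -t 200304121530 "$dir"; new=$("$lister" "$dir")
    [ "$old" = "$new" ] && return 0
    printf '%s %s\n' - "$old" + "$new"
}

# Constructed sample tree: one file that is not world-writable,
# so the find above matches nothing.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/tool.sh" && chmod 755 "$d/tool.sh"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "unguarded (reports a change to '.'):"
weekly_diff list_unguarded "$sample"
echo "guarded (nothing to report):"
weekly_diff list_guarded "$sample"
rm -rf "$sample"
```

In the unguarded run the only thing that changed between the two listings is the timestamp of the working directory itself, which is why the report shows a "-"/"+" pair for "." under every heading whose find came back empty.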