Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
"The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet.. (where's the snippet?) that's true, because the secchk scripts build up something like a database with the rights. on the first run, the database is built up from ground, and therefore every file gets a (new) entry.
regards Markus Gaugusch
That explains a lot. Now I am wondering if I should just uninstall secchk on this box, since its output is more of an annoyance than a security tool for me. I am planning a second box for use as server only, so secchk will probably be more useful there, where little will change on a daily basis. It would be great to have a similar script with an incremental update of the database. Rob. Markus Gaugusch wrote:
"The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet.. (where's the snippet?) that's true, because the secchk scripts build up something like a database with the rights. on the first run, the database is built up from ground, and therefore every file gets a (new) entry.
regards Markus Gaugusch
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Mon, 5 Jun 2000, Chrissy wrote:
Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
maybe it was the first run of the script... so. it has to create a initial set of setugid progs. subsequent runs should only report the changes. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
I have the same problem on my 6.4 installation. In addition to that, the secchk scripts keep saying that the same files have changed over and over. For the most part I get the same messages every time. And they are not referring to cache files or similar which would have changed frequently. I basically ignore the emails I get from secchk. I use tripwire instead. Rob. Chrissy wrote:
Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Chrissy -
europax@home.com -
Markus Gaugusch -
Thomas Biege