![](https://seccdn.libravatar.org/avatar/f8695ae06603ec883c251dda571b51a4.jpg?s=120&d=mm&r=g)
Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
![](https://seccdn.libravatar.org/avatar/27fb6d86083291b20eb981e08ff2a562.jpg?s=120&d=mm&r=g)
"The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet.. (where's the snippet?) that's true, because the secchk scripts build up something like a database with the rights. on the first run, the database is built up from ground, and therefore every file gets a (new) entry.
regards Markus Gaugusch
![](https://seccdn.libravatar.org/avatar/7aef333b034afd4582a9372e5614cf33.jpg?s=120&d=mm&r=g)
That explains a lot. Now I am wondering if I should just uninstall secchk on this box, since its output is more of an annoyance than a security tool for me. I am planning a second box for use as server only, so secchk will probably be more useful there, where little will change on a daily basis. It would be great to have a similar script with an incremental update of the database. Rob. Markus Gaugusch wrote:
"The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet.. (where's the snippet?) that's true, because the secchk scripts build up something like a database with the rights. on the first run, the database is built up from ground, and therefore every file gets a (new) entry.
regards Markus Gaugusch
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
![](https://seccdn.libravatar.org/avatar/1991d1c148617abfd1d1dfe7d444e39a.jpg?s=120&d=mm&r=g)
On Mon, 5 Jun 2000, Chrissy wrote:
Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
maybe it was the first run of the script... so. it has to create a initial set of setugid progs. subsequent runs should only report the changes. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
![](https://seccdn.libravatar.org/avatar/7aef333b034afd4582a9372e5614cf33.jpg?s=120&d=mm&r=g)
I have the same problem on my 6.4 installation. In addition to that, the secchk scripts keep saying that the same files have changed over and over. For the most part I get the same messages every time. And they are not referring to cache files or similar which would have changed frequently. I basically ignore the emails I get from secchk. I use tripwire instead. Rob. Chrissy wrote:
Hello all, Ive got SuSE 6.1 running on one of my machines and awhile back, i downloaded Marc's security crons.. just recently, i received an email that showed "The following programs have got a new suid and/or sgid bit:" basically, every suid program has a new bit.. here's a snippet..
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Chrissy
-
europax@home.com
-
Markus Gaugusch
-
Thomas Biege