Hello list,

this morning I found the following in the weekly security check email: (SuSE 7.3, Marc Heuse's Security Check scripts)

The following program executables are group/world writeable:
- drwx------ 5 root root 194 Fri Jan 25 11:12:01 2002 .
+ drwx------ 5 root root 194 Mon Feb 04 00:55:23 2002 .

There seem to be no filenames in these lines, somewhat suspicious. Any ideas?

Dietrich
--
Dietrich Meyer
Domain Names Worldwide
SunnyNames llp
www.sunnynames.com
email: info@sunnynames.com
On Monday, 4. February 2002 16:53, Dietrich Meyer wrote:
this morning I found the following in the weekly security check email: (SuSE 7.3, Marc Heuse's Security Check scripts)
The following program executables are group/world writeable:
- drwx------ 5 root root 194 Fri Jan 25 11:12:01 2002 .
+ drwx------ 5 root root 194 Mon Feb 04 00:55:23 2002 .

There seem to be no filenames in these lines, somewhat suspicious. Any ideas?
I observe the same, since ages ago (SuSE 7.0), and also the following:

The following files are suid/sgid:
+ ++ /var/lib/secchk/data/sbit.new Mon Feb 4 01:01:16 2002
- drwx------ 17 root root 2048 Jan 14 02:28 .
+ drwx------ 17 root root 2048 Feb 1 16:19 .

The following devices were added:
+ ++ /var/lib/secchk/data/devices.new Mon Feb 4 01:36:34 2002
- drwx------ root root 2048 Jan
+ drwx------ root root 2048 Feb

I guess it is a bug in the scripts.

Michael
I guess it is a bug in the scripts.
well, I think it's sort of dummy argument in case nothing _real_ is found, just to make the list contain something, so you can compare on something, and you know that part of the script has been done.

lars

On Mon, Feb 04, 2002 at 04:57:22PM +0900, Michael Dreher wrote:
On Monday, 4. February 2002 16:53, Dietrich Meyer wrote:
this morning I found the following in the weekly security check email: (SuSE 7.3, Marc Heuse's Security Check scripts)
The following program executables are group/world writeable:
- drwx------ 5 root root 194 Fri Jan 25 11:12:01 2002 .
+ drwx------ 5 root root 194 Mon Feb 04 00:55:23 2002 .

There seem to be no filenames in these lines, somewhat suspicious. Any ideas?
I observe the same, since ages ago (SuSE 7.0), and also the following:
The following files are suid/sgid:
+ ++ /var/lib/secchk/data/sbit.new Mon Feb 4 01:01:16 2002
- drwx------ 17 root root 2048 Jan 14 02:28 .
+ drwx------ 17 root root 2048 Feb 1 16:19 .

The following devices were added:
+ ++ /var/lib/secchk/data/devices.new Mon Feb 4 01:36:34 2002
- drwx------ root root 2048 Jan
+ drwx------ root root 2048 Feb
I guess it is a bug in the scripts.
Michael
On Tuesday, 5. February 2002 00:17, l.g.e@web.de wrote:
I guess it is a bug in the scripts.
well, I think it's sort of dummy argument in case nothing _real_ is found, just to make the list contain something, so you can compare on something, and you know that part of the script has been done.
lars
I don't believe so. This has nothing to do with "compare". The monthly report gives me the following:

-----------------------------------------------------
Complete list of writeable and executeable programs:
drwx------ 20 root root 2048 Aug 14 18:43 .

Complete list of suid/sgid files:
drwx------ 20 root root 2048 Aug 14 18:43 .

Complete list of world writeable files:

Complete list of all changed installed packages:
S.5....T c /etc/ftpusers
S.5....T c /etc/hosts
S.5....T c /etc/inetd.conf
(long list skipped)

Complete list of (char/block) devices:
drwx------ root root 2048 Aug
------------------------------------------------------

And the last one is obviously wrong. Two years ago, the output looked like the following:

Complete list of (char/block) devices:
crw--w--w- Dreher tty 4, 0 /dev/tty0
crw--w---- Dreher tty 4, 2 /dev/tty2
crw-rw---- root tty 4, 1 /dev/tty1
crw-rw-rw- root root 2, 0 /dev/ptyp0
(and so on)
The following files are suid/sgid:
+ ++ /var/lib/secchk/data/sbit.new Mon Feb 4 01:01:16 2002
- drwx------ 17 root root 2048 Jan 14 02:28 .
+ drwx------ 17 root root 2048 Feb 1 16:19 .

The following devices were added:
+ ++ /var/lib/secchk/data/devices.new Mon Feb 4 01:36:34 2002
- drwx------ root root 2048 Jan
+ drwx------ root root 2048 Feb
Regards, Michael
Michael Dreher wrote:
On Monday, 4. February 2002 16:53, Dietrich Meyer wrote:
this morning I found the following in the weekly security check email: (SuSE 7.3, Marc Heuse's Security Check scripts)
The following program executables are group/world writeable:
- drwx------ 5 root root 194 Fri Jan 25 11:12:01 2002 .
+ drwx------ 5 root root 194 Mon Feb 04 00:55:23 2002 .

There seem to be no filenames in these lines, somewhat suspicious. Any ideas?
I observe the same, since ages ago (SuSE 7.0), and also the following:
The following files are suid/sgid:
+ ++ /var/lib/secchk/data/sbit.new Mon Feb 4 01:01:16 2002
- drwx------ 17 root root 2048 Jan 14 02:28 .
+ drwx------ 17 root root 2048 Feb 1 16:19 .

The following devices were added:
+ ++ /var/lib/secchk/data/devices.new Mon Feb 4 01:36:34 2002
- drwx------ root root 2048 Jan
+ drwx------ root root 2048 Feb
I guess it is a bug in the scripts.
Michael
The report seems right: if you look closely you will see the date has changed. The secchecks compare filesystem listings, and since the date is different the entry is different, and hence is reported.

Stefan
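The two readings in this thread can be checked side by side. The following is an added example, not part of any message above and not taken from the seccheck scripts: it diffs two constructed listing lines that differ only in date, repeats the comparison on mode, owner, group and name only, and shows how a bare "." entry arises under the assumption that the listing is built with `find ... | xargs ls -ld` on GNU xargs. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines, modelled on the report quoted in the thread.
OLD='drwx------ 5 root root 194 Fri Jan 25 11:12:01 2002 .'
NEW='drwx------ 5 root root 194 Mon Feb 04 00:55:23 2002 .'

# Number of changed lines when the two listings are compared as-is.
raw_changes() {
    d=$(mktemp -d)
    printf '%s\n' "$1" > "$d/old"
    printf '%s\n' "$2" > "$d/new"
    # grep -c exits 1 on a zero count; "|| true" keeps that from aborting.
    n=$(diff "$d/old" "$d/new" | grep -c '^[<>]' || true)
    rm -rf "$d"
    echo "$n"
}

# Keep mode, owner, group and name only; link count, size and date are dropped.
# Assumes names without whitespace (true for the sample lines).
stable_fields() {
    printf '%s\n' "$1" | awk '{ print $1, $3, $4, $NF }'
}

# Same comparison on the stable fields.
stable_changes() {
    raw_changes "$(stable_fields "$1")" "$(stable_fields "$2")"
}

# Assumption: the listing comes from "find ... | xargs ls -ld".
# With no input, GNU xargs still runs ls once, and "ls -ld" with no
# operand lists "."; -r (--no-run-if-empty) suppresses that run.
lines_when_empty() {
    : | xargs "$@" ls -ld | wc -l | tr -d ' '
}

echo "raw diff lines:        $(raw_changes "$OLD" "$NEW")"
echo "stable-field lines:    $(stable_changes "$OLD" "$NEW")"
echo "empty input, xargs:    $(lines_when_empty)"
echo "empty input, xargs -r: $(lines_when_empty -r)"
```

Under that assumption, the "." line stands for an empty result set, and its changing modification time is what the weekly diff picks up.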
participants (4)
- Dietrich Meyer
- l.g.e@web.de
- Michael Dreher
- Stefan Suurmeijer (prive)