Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] seccheck question
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Mon, 14 Jan 2002 10:37:24 +0100 (MET)
  • Message-id: <Pine.LNX.4.43.0201141036110.21660-100000@xxxxxxxxxxxx>
> Hi,
>
> last 12.01.02 at 4am someone was trying to activate the port 22 (sshd). the
> auth.log is not reporting any successfull login.
>
> today the seccheck script give me the same output on two different machines
>
> The following program executables are group/world writeable:
> - drwx------ 13 root root 748 Fri Jan 04 02:05:33 2002 .
> + drwx------ 13 root root 748 Mon Jan 07 20:31:38 2002 .
>
> The following devices were added:
> crw------- root root 12, 5 /dev/tpqic24
> crw-rw-rw- root root 5, 0 /dev/tty
> crw--w--w- root root 4, 0 /dev/tty0
> - crw--w---- root tty 4, 1 /dev/tty1
> + crw-rw---- root tty 4, 1 /dev/tty1
> crw--w---- root tty 4, 10 /dev/tty10
> crw--w---- root tty 4, 11 /dev/tty11
> crw--w---- root tty 4, 12 /dev/tty12
>
> my question: is there a relation between this two events ?
> thank you

No, most likely not. It really depends on the directory that changed the
timestamp.

You'll see plenty of sshd connects in the next days. Don't worry about
them as long as you have all updates installed.

Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| N├╝rnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -


< Previous Next >
References