I got this in my email today... was I hacked? Now, last week I did do
the undo SuSE harden script and removed a lot of the options, because
using the script with yes to all the answers made the machine not want
to run qmail. Don't know why; I am still looking at it. But would
undoing it cause this message to appear, and is there anything I can do
to make this box more secure with this list? I am not asking for
handholding, just a hint where I should start.
Thanks.

SuSE weekly security check v2.0 by Marc Heuse

This is an automated mail by the seccheck tool. If you want to disable this
service, just type "mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save".

DISCLAIMER
Please note that these security checks are neither complete nor
reliable. Any attacker with proper experience and root access to your
system can deceive *any* security check!

Changes in your weekly security configuration of sheeva:

Password security checking not possible, package john not installed.

Please check and perhaps disable the following unused accounts:
Warning: user gmike2 has got a password and a valid shell but never
logged in.
Warning: user mailadmn has got a password and a valid shell but never
logged in.

The following files are suid/sgid:
+ -rwsr-xr-x 1 root audio 15180 Fri Apr 05 09:09:54 2002
/bin/eject
+ -rwsr-xr-x 1 root root 67360 Mon Mar 11 05:02:30 2002
/bin/mount
+ -rwsr-xr-x 1 root root 19892 Mon Mar 11 05:07:53 2002
/bin/ping
+ -rwsr-xr-x 1 root root 17384 Mon Mar 11 05:07:53 2002
/bin/ping6
+ -rwsr-xr-x 1 root root 31169 Mon Mar 11 05:02:25 2002
/bin/su
+ -rwsr-xr-x 1 root root 34932 Mon Mar 11 05:02:30 2002
/bin/umount
+ -rws--x--x 1 qmailq qmail 12976 Thu Mar 14 16:36:20 2002
/copy/bin/qmail-queue
+ -rws--x--x 1 qmails qmail 12976 Wed Feb 27 15:59:38 2002
/home/sifu/qmail/bin/qmail-queue
+ -rwxr-sr-x 1 root shadow 19434 Wed Mar 13 14:42:23 2002
/opt/kde2/bin/kcheckpass
+ -rwxr-sr-x 1 root nogroup 83816 Wed Mar 13 14:42:24 2002
/opt/kde2/bin/kdesud
+ -rwxr-sr-x 1 root tty 3764 Wed Mar 13 14:42:24 2002
/opt/kde2/bin/konsole
+ -rwsr-xr-x 1 root root 5356 Wed Mar 13 14:42:24 2002
/opt/kde2/bin/konsole_grantpty
+ -rwsr-xr-x 1 root root 24099 Fri Apr 05 09:09:54 2002
/sbin/cardctl
+ -rwxr-sr-x 1 root shadow 16168 Mon Mar 11 05:02:10 2002
/sbin/unix_chkpwd
+ -rws--x--x 1 root root 1789036 Mon Mar 11 05:09:59 2002
/usr/X11R6/bin/XFree86
+ -rwsr-xr-x 1 root root 16111 Mon Mar 11 05:09:47 2002
/usr/X11R6/bin/Xwrapper
+ -rwsr-xr-x 1 root root 10669 Fri Apr 05 09:09:54 2002
/usr/X11R6/bin/dga
+ -rwxr-sr-x 1 root uucp 126767 Fri Apr 05 09:09:54 2002
/usr/X11R6/bin/seyon
+ -rwxr-sr-x 1 root tty 95648 Mon Mar 11 05:10:37 2002
/usr/X11R6/bin/wterm
+ -rwxr-sr-x 1 root shadow 1119140 Mon Mar 11 05:10:41 2002
/usr/X11R6/bin/xlock
+ -rwxr-sr-x 1 root shadow 1703916 Fri Apr 05 09:09:54 2002
/usr/X11R6/bin/xlock-mesa
+ -rwxr-sr-x 1 root tty 285719 Mon Mar 11 05:09:33 2002
/usr/X11R6/bin/xterm
+ -rwsr-xr-x 1 root root 35896 Fri Apr 05 09:09:54 2002
Michael Garabedian
Consultant
Emergys Corporation
6340 Quadrangle Drive Suite 360
Chapel Hill, NC 27517
408-3385 ext 101
Fax 408-3384
email mikejr@emergyscorp.com
website: www.emergys.com
WE DENY THE EARTH PRINCIPLE OF THE THIRD EXCLUDED TERM (THE EXCLUDED
MIDDLE, ENUNCIATED BY ARISTOTLE) ACCORDING TO WHICH PROPOSITIONS CAN
ONLY BE TRUE OR FALSE. THE WHOLE ONTOLOGY OF TERRESTRIAL THINKERS IS
SATURATED WITH EXPRESSIONS LIKE "TO BE," "I AM NOT," "I EXIST," WITHOUT
ANY OPTION FOR OTHER FORMS OF DIFFERENT CONTENT. UNLESS YOU YOURSELVES
CLARIFY YOUR FORMS OF INFORMATIVE COMMUNICATION, THE PROCESS OF SEEKING
THE TRUTH WILL BE VERY LABORIOUS AND SLOW.