Both of these are dangerous. You should fix these now: # chmod 600 /etc/shadow*
If you can't do it, you should find someone who can. NOW. And change all the passwords on the system. This is a major/hole/security breach. Jeff Barbara wrote: > > ->I don't know about the default entries but mine > ->are the same > ->-r-------- 1 root root 6675 Jan 30 11:56 shadow > ->-r-------- 1 root root 6614 Jan 23 10:13 shadow- > > I have two RaQ3's that were restored in Feb 01 after > the BIND exploits, and both show permissions of > > -rw-r--r-- 1 root root 3230 Feb 4 22:39 shadow > -rw-r--r-- 1 root root 3274 Feb 4 22:38 shadow- > > while I just leased another RaQ3 (fresh install) and > it's showing permissions of > > -rw-r--r-- 1 root root 1931 Jan 25 17:48 shadow > -r-------- 1 root root 1931 Jan 12 00:52 shadow- > > Wonder if the first systems were rebuilt off an > original (older) restore disk, and the last machine > was loaded with a more recent version? > > __________________________________________________ > Do You Yahoo!? > Send FREE Valentine eCards with Yahoo! Greetings! > http://greetings.yahoo.com > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
