>I remembet the epsiode when we found that >neomail messed with the suid bit But, I still >have that one spare RaQ4r with neomail on it and; > >[admin admin]$ ls /etc/shadow -l >-r-------- 1 root root 552 Sep 29 >21:04 /etc/shadow >[admin admin]$ ls /etc/shadow- -l >-rw------- 1 root root 524 Sep 29 >07:25 /etc/shadow-
Hum, I truly thought Neomail was going to be the devil doing the dirty deed. I really did. I wonder what it could be? I'm trying to think of any software I've installed on these boxes and I can't think of anything. I take stuff off if anything (lots of stuff off actually). I'd like to know if they were set that way when my NOC restored them last Feb (from their restore CD) or if they were changed by something during the last 12 months. Doesn't anyone think it's odd that so many of us reported different settings on those shadow files. Most more secure than mine, but 3 or 4 different combinations. Hum, I need to think about this some more. __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
