Ron, re-read the message. It specifically says that file the shouldn't be suid
have been changed to suid since the last scan.
For instance, mount, su, and umount should never be suid. They aren't installed
that way, so "something" had to change them.
Even if it wasn't a hack job, there are many security holes here. I wouldn't want
to have that system anywhere near a public network until it's fixed.
Russ
Ron Stodden wrote:
> Andrew Vogel wrote:
> >
> > I woke up this morning to find this email in my system:
>
> ...
>
> > I've been hacked! The questions, now, are: 1. How do I fix this? and 2. How
> to I prevent it from happening again?
>
> No you haven't! This is just the periodic report done on your
> system security by your own msec (man msec). I have not seen it as
> an email before, only as /var/log/messages messages, so msec must
> consider the situation serious.
>
> It is telling you what needs to be done to bring your security up to
> snuff so that you can't be hacked.
>
> --
>
> Regards,
>
> Ron. [AU] - sent by Linux.
