On Wed, 6 Apr 2005 10:55:04 -0400 Richard Morse <[EMAIL PROTECTED]> wrote:
> Hi! I came in the morning and discovered that the file permissions on > every cgi I have on my webserver had been set to u-x,go+x. This > seems > to have changed at about 4:30a this morning. I'm a bit worried by > this, as I can't think of anything that would cause this, and there's > nothing in any of the log files that would explain it. 4:30a sounds like a cronjob might have done this, but it does not ring a bell > Has anyone run into this before? Can you direct me to a place I might > find more information on it? A quick google search on "owner cannot > exec" didn't turn up anything... i suggest (since you're worried) you do some reading about security in general for FreeBSD, e.g. starting here : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html personally i would : - take the machine down - compare md5sums with a freshly installed machine - do some more "forensic research" with things like sleuthkit - for the future use a tripwire-style program like yafic (from ports) _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"