I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)

Could somebody advise me on what can have happened?

What ports have you updated? You can check if any of them has
installed new files in /sbin by running
`pkg_info -L your_updated_port-version`. See the -L option of
pkg_info(1) in the man page
http://www.freebsd.org/cgi/man.cgi?query=pkg_info&apropos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format=html

You can also consider installing a Host Based Integrity Monitoring
software. I use Osiris which is quite simple to set up and administer.
It's already in the ports as security/osiris which you can get there:
http://www.freebsd.org/cgi/url.cgi?ports/security/osiris/pkg-descr.

Of course, don't install osiris on a machine which you're not sure if
it has been tampered with, it would defeat the purpose... You can also
take a look at other integrity checking software such as Samhain,
Tripwire or aide.

Regards,

David
--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
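
As an added example (not part of the original thread, and not FreeBSD's own periodic script or Osiris code), here is a baseline-and-compare check of the kind the reply describes for setuid files: it records mode, owner, group and size for each setuid or setgid file and reports what was added, removed or changed between two snapshots. The function names, the record format and the directory tree built in `demo` are assumptions made for this example.

```shell
#!/bin/sh
# Baseline-and-compare check for setuid/setgid files (added example).
# Record format, tab-separated: mode, uid, gid, size, path.
TAB=$(printf '\t')

# snapshot DIR...: one record per setuid or setgid regular file, sorted by path.
# Runs of spaces inside a file name are collapsed to a single space.
snapshot() {
    LC_ALL=C find "$@" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ln {} + 2>/dev/null |
    awk -v OFS="$TAB" '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
                         print $1, $3, $4, $5, p }' |
    sort -t "$TAB" -k5
}

# compare OLD NEW: report files whose set-id record was added, removed or changed.
compare() {
    awk -F "$TAB" '
        FILENAME == ARGV[1] { old[$5] = $0; next }
        !($5 in old)        { print "ADDED", $5, $1; next }
        old[$5] != $0       { split(old[$5], o, FS)
                              print "CHANGED", $5, o[1] "->" $1, "size " o[4] "->" $4 }
                            { delete old[$5] }
        END { for (p in old) { split(old[p], o, FS); print "REMOVED", p, o[1] } }
    ' "$1" "$2" | sort
}

# demo: constructed tree standing in for /sbin and /usr/bin; no real system files.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sbin" "$d/bin"
    printf 'v1' > "$d/sbin/ping"; chmod 4555 "$d/sbin/ping"
    printf 'v1' > "$d/bin/at";    chmod 4555 "$d/bin/at"
    snapshot "$d/sbin" "$d/bin" > "$d/base.txt"        # trusted baseline

    rm -f "$d/sbin/ping"                               # file reinstalled: new size
    printf 'v2-rebuilt' > "$d/sbin/ping"; chmod 4555 "$d/sbin/ping"
    chmod 0555 "$d/bin/at"                             # setuid bit dropped
    printf 'x' > "$d/bin/new"; chmod 4755 "$d/bin/new" # new setuid file appears
    snapshot "$d/sbin" "$d/bin" > "$d/now.txt"

    compare "$d/base.txt" "$d/now.txt"
    rm -rf "$d"
}

demo
```

A reinstalled binary shows up as CHANGED even when its mode is identical, because the size is part of the record. The baseline is only meaningful if it was taken on a system known to be clean and is stored where the monitored host cannot rewrite it.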