Hi!
I run a mandrake 8.0 box, and tend to check the security logs (but not everyday). Yesterday, i got the following set of warnings in the security log: Change in Suid Root files found : - Added suid root files : /bin/linuxconf - Added suid root files : /bin/mount - Added suid root files : /bin/ping - Added suid root files : /bin/su [etc] . . . Security Warning: Changes in Suid Group files found : Added suid group files : /sbin/netreport Added suid group files : /usr/bin/cdda2wav Added suid group files : /usr/bin/kdesud [etc] . . . the list of each set of files is quite long, and includes things like ssh, gpg, rsh, rlogin, suexec etc. but also boring things like man and restorefont i have not done anything that i can think of, which would have resulted in these changes, and have never seen anything like this in the logs before, so i am a bit worried. On the other hand, the list of files seems rather long, and while it includes important files, it also includes some that are of little interest to someone trying an exploit. perhaps mandrake ran some script which made these changes?? any ideas as to what this might be would be much appreciated, as right now, i am too paranoid to even hook my computer to the internet. Most of my services, like ssh, telnet, ftp, httpd are *always* disabled - so hack seems unlikely. thanks, Itai. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
