From: [EMAIL PROTECTED] (root)
To: [EMAIL PROTECTED]
Subject: Local Weekly Security for devoured: Changes
Date: Mon, 18 Aug 2003 01:49:03 -0400 (EDT)

SuSE weekly security check v2.0 by Marc Heuse <[EMAIL PROTECTED]>

This is an automated mail by the seccheck tool. If you want to disable this service, just type "mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save".

DISCLAIMER

Please note that these security checks are neither complete nor reliable. Any attacker with proper experience and root access to your system can deceive *any* security check!

Changes in your weekly security configuration of devoured:

Password security checking not possible, package john not installed.

Please check and perhaps disable the following unused accounts:
Warning: user carpy has got a password and a valid shell but never logged in.
Warning: user junk has got a password and a valid shell but never logged in.
Warning: user public has got a password and a valid shell but never logged in.

The following files are suid/sgid:
+ -rwsr-xr-x 1 root audio 65459 2003-01-19 12:55:37.000000000 -0500 /bin/eject
+ -rwsr-xr-x 1 root root 73032 2003-01-18 14:25:46.000000000 -0500 /bin/mount
<SNIP>

The following program executables are group/world writeable:
+ -rwxrwxr-x 1 root tty 13134 2003-01-18 14:02:22.000000000 -0500 /opt/gnome/sbin/gnome-pty-helper
+ -rwxrwxr-x 1 root root 2396 2003-07-22 16:20:30.000000000 -0400 /usr/libexec/webmin/dhcpd/edit_iface.cgi
<SNIP WEBMIN STUFF-Did Upgrade>

The following programs have got a different md5 checksum since last week:
+ S.5....T /etc/UnitedLinux-release
+ S.5....T c /etc/issue
+ S.5....T c /etc/issue.net
+ S.5....T /usr/share/locale/locale.alias
+ S.5....T c /usr/share/misc/termcap
+ SM5....T /usr/bin/rb
+ SM5....T /usr/bin/rx
+ S.5....T /usr/bin/rz
+ SM5....T /usr/bin/sb
+ SM5....T /usr/bin/sx
+ S.5....T /usr/bin/sz
+ ..5....T /usr/share/man/man1/rz.1.gz
+ ..5....T /usr/share/man/man1/sz.1.gz
+ SM5....T c /etc/isdn/isdn.conf
+ S.5....T c /etc/java/java2-jre.conf
+ S.5....T /lib/modules/2.4.19-4GB/modules.dep
+ S.5....T /lib/modules/2.4.19-4GB/modules.isapnpmap
+ S.5....T /lib/modules/2.4.19-4GB/modules.pcimap
+ S.5....T /lib/modules/2.4.19-4GB/modules.usbmap
+ S.5....T /opt/mozilla/chrome/installed-chrome.txt
+ S.5....T /opt/mozilla/defaults/profile/US/bookmarks.html
+ S.5....T /opt/mozilla/defaults/profile/bookmarks.html
+ S.5....T /etc/pango/pango.modules
+ S.5....T /usr/lib/perl5/5.8.0/CPAN.pm
+ S.5....T /usr/lib/perl5/5.8.0/CPAN/FirstTime.pm
+ S.5....T c /etc/HOSTNAME
+ S.5....T c /etc/hosts
+ S.5....T c /etc/papersize
+ S.5....T c /etc/java/java2.conf
+ S.5....T c /etc/pam.d/rlogin
+ S.5....T c /etc/init.d/xdm
+ S.5....T c /etc/inittab
+ S.5....T c /etc/modules.conf
+ S.5....T /etc/init.d/alsasound
+ S.5....T c /etc/ipsec.conf
+ S.5....T c /etc/ipsec.secrets
+ S.5....T c /etc/init.d/named
+ S.5....T c /etc/named.conf
+ S.5....T c /etc/httpd/httpd.conf
+ S.5....T c /etc/httpd/suse_addmodule.conf
+ S.5....T c /etc/httpd/suse_define.conf
+ S.5....T c /etc/httpd/suse_include.conf
+ S.5....T c /etc/httpd/suse_loadmodule.conf
+ S.5....T c /etc/httpd/suse_public_html.conf
+ S.5....T c /etc/httpd/suse_text.conf
+ S.5....T c /etc/init.d/splash
+ S.5....T c /etc/init.d/splash_early
+ S.5....T c /etc/init.d/splash_late
+ S.5....T /etc/init.d/hwscan
+ S.5....T c /etc/init.d/isdn
+ S.5....T c /etc/init.d/inetd
+ S.5....T /etc/init.d/tomcat
+ S.5....T /opt/jakarta/tomcat/conf/server.xml
+ S.5....T c /etc/mon/mon.cf
+ S.5....T c /etc/security/pam_unix2.conf
+ S.5....T c /etc/init.d/portmap
+ S.5....T c /etc/init.d/smbfs
+ S.5....T c /etc/pam.d/login
+ S.5....T c /etc/pam.d/passwd
+ S.5....T c /etc/init.d/atd
+ S.5....T c /etc/init.d/ldap
+ S.5....T c /etc/pam.d/sshd
+ S.5....T c /etc/ssh/ssh_config
+ SM5....T c /etc/ssh/sshd_config
+ S.5....T c /etc/postfix/main.cf
+ S.5....T c /etc/postfix/transport
+ S.5....T c /etc/init.d/postgresql
+ S.5....T /etc/init.d/snort
+ S.5....T c /etc/snort/snort.conf
+ S.5....T c /etc/init.d/xntpd
+ S.5....T c /etc/ntp.conf
+ SM5....T c /etc/crontab
+ S.5....T c /etc/X11/qtrc
+ SM5....T /usr/X11R6/lib/X11/fonts/75dpi/encodings.dir
+ SM5....T /usr/X11R6/lib/X11/fonts/encodings/encodings.dir
+ SM5....T /usr/X11R6/lib/X11/fonts/encodings/large/encodings.dir
+ SM5....T /usr/X11R6/lib/X11/fonts/misc/encodings.dir
+ SM5....T /usr/X11R6/lib/X11/fonts/misc/fonts.dir
+ S.5....T /usr/lib/YaST2/bin/YaST2.firstboot
+ S.5....T c /etc/opt/gnome2/gdm/gdm.conf
+ S.5....T c /opt/kde3/share/config/kdm/backgroundrc
+ S.5....T /opt/kde3/bin/startkde
+ S.5....T c /etc/opt/kde3/share/config/kdm/kdmrc
+ S.5....T /etc/init.d/docview
+ S.5....T /usr/lib/docview/conf/docview.map
+ S.5....T /usr/lib/docview/conf/httpd.conf
+ S.5....T /usr/lib/docview/conf/navtree/additions
+ S.5....T /usr/lib/docview/conf/rewrite.conf
+ S.5....T /usr/lib/docview/perl/Apache/DocView.pm
+ S.5....T /usr/lib/docview/perl/navheader.pl
+ S.5....T /usr/lib/perl5/5.8.0/i586-linux-thread-multi/perllocal.pod
+ S.5....T /srv/www/htdocs/index.html.ca
+ S.5....T /srv/www/htdocs/index.html.cz
+ S.5....T /srv/www/htdocs/index.html.de
+ S.5....T /srv/www/htdocs/index.html.dk
+ S.5....T /srv/www/htdocs/index.html.ee
+ S.5....T /srv/www/htdocs/index.html.el
+ S.5....T /srv/www/htdocs/index.html.en
+ S.5....T /srv/www/htdocs/index.html.es
+ S.5....T /srv/www/htdocs/index.html.fr
+ S.5....T /srv/www/htdocs/index.html.he.iso8859-8
+ S.5....T /srv/www/htdocs/index.html.it
+ S.5....T /srv/www/htdocs/index.html.ja.jis
+ S.5....T /srv/www/htdocs/index.html.kr.iso-kr
+ S.5....T /srv/www/htdocs/index.html.lb.utf8
+ S.5....T /srv/www/htdocs/index.html.nl
+ S.5....T /srv/www/htdocs/index.html.nn
+ S.5....T /srv/www/htdocs/index.html.no
+ S.5....T /srv/www/htdocs/index.html.po.iso-pl
+ S.5....T /srv/www/htdocs/index.html.pt
+ S.5....T /srv/www/htdocs/index.html.pt-br
+ S.5....T /srv/www/htdocs/index.html.ru.cp-1251
+ S.5....T /srv/www/htdocs/index.html.ru.cp866
+ S.5....T /srv/www/htdocs/index.html.ru.iso-ru
+ S.5....T /srv/www/htdocs/index.html.ru.koi8-r
+ S.5....T /srv/www/htdocs/index.html.se
+ S.5....T /srv/www/htdocs/index.html.zh
+ S.5....T c /etc/proftpd.conf
+ S.5....T c /var/spool/fax/etc/xferfaxlog
+ S.5....T /etc/init.d/opennms
+ S.5....T c /opt/OpenNMS/etc/discovery-configuration.xml
+ S.5....T c /opt/OpenNMS/etc/notifd-configuration.xml
+ S.5....T c /opt/OpenNMS/etc/users.xml
+ S.5....T /usr/local/tsp/bin/tspc.conf
<SNIP WEBMIN STUFF>

The following devices were added:
+ crw-rw---- root video 107, 0 /dev/3dfx
+ crw------- root root 10, 157 /dev/ac
+ crw-rw---- root root 56, 0 /dev/adb
<SNIP BASICALLY ALL OF /dev>

What concerns me is the /dev directory. This is a SCO Linux 4 box (yes, I run one of those still). I don't believe I set up YOU automated updates or anything, so I'm a bit confused here.

Is this box toast? Have I been whacked? I noticed there was a new Kernel available for my SuSE boxen. Was there some vulnerability that I didn't patch for?

Thanks,
Matt

--
Matthew Carpenter
[EMAIL PROTECTED]
http://www.eisgr.com/

Enterprise Information Systems
* Network Service Appliances
* Network Consulting, Integration & Support
* Web Integration and E-Business