I wouldn't be able to guess if it's been compromised, but run regular "whois"'s (logged in users) and "top"'s (running processes).
----- Original Message ----- From: Andrew <[EMAIL PROTECTED]> Date: Sunday, January 30, 2005 7:18 pm Subject: setuid and setgid security issues -is system compromized? > Hey are we allowed to talk about possible security issues in here? > Im just dont know where to look. I tough about going on > linuxquestions.org or something but since Im running YDL I feel > like its YDL related. Other peoples could be concerned too. > > I'v been reading cert.org site and found quite a few setuids files > using this command, as suggested on the site. > find / -user root -perm -4000 -print > > I have the full results both on disk and paper. Many of them > contain 'passwd', 'login' and 'share' in the name. Im not paranoid > but I actually fell intrigued. I also noticed several weird .hidden > files in /tmp directory most of them starting with ssh-. I promptly > deleted them all and they're comming back! :-? > > thoughs?!? > _______________________________________________ > yellowdog-general mailing list > [email protected] > http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general > HINT: to Google archives, try '<keywords> > site:terrasoftsolutions.com' _______________________________________________ yellowdog-general mailing list [email protected] http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
