Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!howland.reston.ans.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!not-for-mail From: j@interface-business.de (J Wunsch) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Daily Insecurity Report? Need interpretation.... Date: 20 Oct 1995 10:23:10 +0100 Organization: interface business GmbH, Dresden Lines: 24 Message-ID: <467ppu$37m@ida.interface-business.de> References: <460j3v$euu@SNEEZY.icinet.net> NNTP-Posting-Host: ida.interface-business.de <larryt@goldrush.com> wrote: >I got this message from the daily script. I really don't understand what it is trying to tell me. The only thing that happened was that the disk filled the day before, so whould that have caused these problems? Or, has someone comprimised my system? Any help understanding the implication would be greatly appreciated. >> Checking setuid files and devices: >> Setuid additions: >> -r-xr-sr-x 1 bin kmem 1240 Feb 3 17:22:34 1995 /sbin/dmesg >> -r-sr-sr-x 2 root tty 28672 Aug 12 07:04:22 1995 /sbin/dump >> -r-sr-sr-x 1 root tty 28672 Feb 7 08:49:40 1995 /sbin/dump.orig ... The "setuid additions" are being handled by comparing the contents of yesterday's status file and today's status file. So if your disk filled up yesterday, yesterday's file was probably empty, and today /etc/security concludes that all these programs have been added last day... -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de [private: http://www.sax.de/~joerg/]