[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Possible hack?

Subject: RE: [cobalt-users] Possible hack?
From: Matthias Pigulla <mp@xxxxxxxxxxxxx>
Date: Tue May 23 07:47:30 2000

> -----Original Message-----
>
> this possible trojans - new files changes in UID??
> 
> [root@ns admin]# find / -user root -perm -4000 -print
- 8< -

> Maybe being paranoid but this is a check recomended by CERT* Advisory
> CA-94.01
> to find new or modified setuid root files. Maybe you could 
> advise if this is

Well, I just ran this command on my brand-new-just-switched-on RaQ3 and had
almost exactly the same result.

I don't see why you should worry. Your find command just dumped all setuid
root files? You did not check wheter they are new or somehow changed.

Best regards,
Matthias
--

 w e b f a c t o r y   G m b H
   Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
   Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
   Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 49185492

Prev by Date: [cobalt-users] Server timeout
Next by Date: [cobalt-users] Yahoo - Cobalt Networks Teams With the Sutherland Group to Deliver 24x7 Technic
Previous by thread: [cobalt-users] Possible hack?
Next by thread: [cobalt-users] Possible hack?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index