RE: [cobalt-users] Cracker tools found on a RaQ 4
- Subject: RE: [cobalt-users] Cracker tools found on a RaQ 4
- From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
- Date: Fri Feb 21 17:14:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Thanks for the heads up, Bruce.
> find / \( -nouser -o -nogroup \) -exec ls -lF {} \;
>
So interesting but not worrying results come back if you have Urchin
installed; some poor QA there on an otherwise awesome product.
> Also you might want to run a check for all setuid files and see if
> anything suspicious appears:
>
> find / -type f -perm +6000 -exec ls -lF {} \;
>
I suppose it depends what a standard clean-built RaQ shows - I get the
following on a prod box - the main additions are openwebmail and Miva; I
presume the /usr stuff is correct.
Gavin
-rwsr-sr-x 1 root root 118429 Jun 14 2000 /home/opt/interbase/bin/gds_drop*
-rwsr-sr-x 1 root root 115416 Jun 14 2000 /home/opt/interbase/bin/gds_lock_mgr*
-rwsr-xr-x 1 root root 566096 Sep 7 2001 /home/sites/home/miva-bin/miva*
-rwsr-xr-x 1 root root 74092 Jan 23 2002 /home/gossamer/fileman/cgi-bin/fileman.cgi*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-advsearch.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-cal.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-folder.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-main.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-prefs.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-read.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-send.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-spell.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-tool.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-viewatt.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail.pl*
-rwsr-xr-x 1 root mail 11910 Feb 4 10:55 /home/openwebmail/cgi-bin/openwebmail/openwebmail-abook.pl*
find: /proc/5/fd: Permission denied
-rwsr-xr-x 1 root root 14612 May 30 2000 /bin/su*
-r-sr-xr-x 1 root root 26228 May 4 2000 /sbin/pwdb_chkpwd*
-r-sr-xr-x 1 root root 27160 May 4 2000 /sbin/unix_chkpwd*
-rwsr-xr-x 1 root root 35168 Feb 16 2000 /usr/bin/chage*
-rwsr-xr-x 1 root root 36756 Feb 16 2000 /usr/bin/gpasswd*
-rws--x--x 1 root root 14396 Jul 30 2002 /usr/bin/chfn*
-rws--x--x 1 root root 14108 Jul 30 2002 /usr/bin/chsh*
-rws--x--x 1 root root 5780 Jul 30 2002 /usr/bin/newgrp*
-rwxr-sr-x 1 root tty 8648 Jul 30 2002 /usr/bin/write*
-rwxr-sr-x 1 root man 36192 Jul 27 2000 /usr/bin/man*
-rwxr-sr-x 1 root mail 7844 Jan 9 2002 /usr/bin/mutt_dotlock*
-r-s--x--x 1 root root 12824 May 30 2000 /usr/bin/passwd*
-rwxr-sr-x 1 root mail 11880 Sep 4 1999 /usr/bin/lockfile*
-rwsr-sr-x 1 root mail 69844 Sep 4 1999 /usr/bin/procmail*
-rwsr-xr-x 1 root root 14932 Apr 19 2000 /usr/bin/rcp*
-rwsr-xr-x 1 root root 10836 Apr 19 2000 /usr/bin/rlogin*
-rwsr-xr-x 1 root root 8016 Apr 19 2000 /usr/bin/rsh*
-rwxr-sr-x 1 root slocate 20880 Dec 18 2000 /usr/bin/slocate*
-rwsr-xr-x 1 root root 21304 Feb 20 2001 /usr/bin/crontab*
-rwxr-sr-x 1 root mail 19120 Jun 13 2000 /usr/lib/emacs/20.7/i386-redhat-linux-gnu/movemail*
-rwsr-sr-x 1 root root 48973 Jun 14 2000 /usr/local/sbin/gds_inet_server*
-rwsr-x--- 1 root mail 17601 Jun 26 2000 /usr/local/majordomo/wrapper*
-rwsr-xr-x 1 root root 23338 Jun 6 2000 /usr/sbin/cmos*
-r-sr-xr-x 1 root mail 372096 Jun 18 2000 /usr/sbin/sendmail*
-rwsr-xr-x 1 root root 17672 Oct 4 2000 /usr/sbin/traceroute*
-rwsr-xr-x 1 root root 23037 Aug 6 2002 /usr/sbin/fpexec*
-rwsr-xr-x 1 root root 34799 Dec 8 2001 /usr/libexec/pt_chown*
-rws--x--x 1 root root 673660 Jul 31 2002 /usr/libexec/openssh/ssh-keysign*
-rwsr-xr-x 4 root root 42868 Jul 27 2001 /usr/cgiwrap/nph-cgiwrapd*
-rwsr-xr-x 4 root root 42868 Jul 27 2001 /usr/cgiwrap/cgiwrap*
-rwsr-xr-x 4 root root 42868 Jul 27 2001 /usr/cgiwrap/cgiwrapd*
-rwsr-xr-x 4 root root 42868 Jul 27 2001 /usr/cgiwrap/nph-cgiwrap*
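
Added example, not part of the original message: one way to act on the "depends what a clean build shows" point is to keep the setuid/setgid listing from a known-clean box and diff every later scan against it. The function names `setid_diff` and `setid_demo` are hypothetical, both sample listings are constructed (the baseline reuses three lines from the listing above), and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Input: one `ls -lF` line per file, as printed by
#   find / -type f -perm +6000 -exec ls -lF {} \;
# (current GNU find spells the same test -perm /6000).

# setid_diff BASELINE CURRENT
# Prints "NEW ..." for set-id files absent from the baseline and
# "CHANGED ..." when mode, owner, group or size differ from it.
setid_diff() {
    awk '
    NF < 9 || $1 !~ /^-/ { next }   # skip noise, e.g. "find: ... Permission denied"
    {
        path = $NF; sub(/\*$/, "", path)      # strip the "*" appended by ls -F
        attrs = $1 " " $3 " " $4 " " $5       # mode owner group size
    }
    FILENAME == ARGV[1] { base[path] = attrs; next }   # first file is the baseline
    !(path in base)     { print "NEW", path, attrs; next }
    base[path] != attrs { print "CHANGED", path, attrs, "(was " base[path] ")" }
    ' "$1" "$2" | sort
}

# setid_demo: run setid_diff over two constructed listings.
setid_demo() {
    dir=$(mktemp -d) || return 1
    # Constructed baseline: three entries copied from the listing above.
    cat > "$dir/baseline" <<'EOF'
-rwsr-xr-x 1 root root 14612 May 30 2000 /bin/su*
-r-s--x--x 1 root root 12824 May 30 2000 /usr/bin/passwd*
-rwxr-sr-x 1 root man 36192 Jul 27 2000 /usr/bin/man*
EOF
    # Constructed later scan: /bin/su has a different size, one file is new.
    cat > "$dir/current" <<'EOF'
find: /proc/5/fd: Permission denied
-rwsr-xr-x 1 root root 20480 Feb 20 2003 /bin/su*
-r-s--x--x 1 root root 12824 May 30 2000 /usr/bin/passwd*
-rwxr-sr-x 1 root man 36192 Jul 27 2000 /usr/bin/man*
-rwsr-xr-x 1 root root 9000 Feb 20 2003 /home/sites/example/web/helper*
EOF
    setid_diff "$dir/baseline" "$dir/current"
    rm -rf "$dir"
}

setid_demo
```

Size and mode are only a coarse tripwire; a file replaced with one of identical size and permissions passes this check, so a checksum column in the baseline is the natural next step.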