From: "Mark Shields"
To: gentoo-user@lists.gentoo.org
Date: Wed, 12 Jul 2006 15:39:14 -0400
Subject: Re: [gentoo-user] hardened: setuid
Message-ID: <642958cc0607121239o342ce11am52dcbdb7ff7b18c0@mail.gmail.com>

On 7/12/06, James <wireless@tampabay.rr.com> wrote:
> Hello
>
> I was performing a routine security audit using:
>
> find / -user root -perm -4000 -print
>
> which found these peculiar files:
>
> /usr/athena/bin/su
> /usr/athena/bin/otp
> /usr/athena/bin/rcp
> /usr/athena/bin/rsh
> /usr/athena/bin/rlogin
>
> upon greater inspection this is most troubling:
>
> -rws--x--x 1 root root 108416 May  4 19:52 /usr/athena/bin/su
> -rws--x--x 1 root root 105640 May  4 19:52 /usr/athena/bin/otp
> -rws--x--x 1 root root 95840 May  4 19:52 /usr/athena/bin/rlogin
>
> Are these part of a normal gentoo system running hardened, or is it
> time to re-install this machine?
>
> James
>
> --
> gentoo-user@gentoo.org mailing list

Not normal.  I use hardened on two separate servers and don't have those files.

--
- Mark Shields
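
The reply above answers the question by comparing against other hardened hosts. As an added example (not part of the thread), the same find audit can be diffed against a baseline list captured on a trusted system; the function names and the one-path-per-line baseline format are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. suid_list and suid_unexpected
# are hypothetical helper names; the baseline is assumed to be a text file
# with one absolute path per line, captured on a known-good host.

# List setuid regular files owned by OWNER under ROOT, sorted.
# -xdev keeps find on one filesystem so /proc and network mounts are skipped.
suid_list() {
    root=$1
    owner=${2:-root}
    find "$root" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Print setuid files found under ROOT that are absent from BASELINE.
# Returns 0 when every setuid file is in the baseline, 1 when extras exist,
# 2 when the temporary file cannot be created.
suid_unexpected() {
    root=$1
    baseline=$2
    owner=${3:-root}
    tmp=$(mktemp) || return 2
    # comm needs both inputs sorted in the same collation order.
    LC_ALL=C sort -u "$baseline" > "$tmp"
    extra=$(suid_list "$root" "$owner" | LC_ALL=C comm -23 - "$tmp")
    rm -f "$tmp"
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Typical use (paths are placeholders):
#   suid_list / > /root/suid.baseline          # on the trusted host
#   suid_unexpected / /root/suid.baseline      # on the host being audited
```

A path reported here is only a lead: confirm which package, if any, installed it before deciding what to do with the machine.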