Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.os.linux.security > #187

Re: Security breach?

Newsgroups comp.os.linux.security
Subject Re: Security breach?
From Ohmster <root@dev.nul>
References <XnsA145508078CBMyBigKitty@216.196.97.131> <slrnkevaie.4qm.BitTwister@wb.home.test> <i1OHs.32904$3S5.11697@newsfe18.iad> <XnsA14526347AB67MyBigKitty@216.196.97.131> <2R_Hs.22037$532.962@newsfe03.iad>
Organization Ohm's Fish Market
Message-ID <XnsA145B4AF1B265MyBigKitty@216.196.97.131> (permalink)
Date 2013-01-11 16:45 -0600

Show all headers | View raw

unruh <unruh@invalid.ca> wrote in news:2R_Hs.22037$532.962@newsfe03.iad:

[..]
> The second is to wipe the drive and reinstall the operating system,
> making sure you give yourself and all users strong passwords, and you
> change all ssh authorized hosts accounts. Then you restore all your old
> user files (eg home directlry, or other programs you installed). Then
> search through for any suid programs, especially suid root programs. 
> (eg I had one /tmp/bananas that sas a suid root shell) 
> find / -perm /6000 

Oh my, there is an awful lot of input. I will have to run this again and 
capture it to a text file. Huh, chrome sandbox had suid? How come? Let me 
run this more and find out how bad this is.

I don't really know how to tell what should and should not have suid. I 
know that no browser sandbox should have it, and all the /bin /sbin/ and 
some others are alright, but there is a LOT of output from directories and 
even hard drives that should not have suid. I have backups of previous 
installations on other drives and they have suid too. /var/cache/.. has 
suid. This is bad. Do you think I can upload this for examination or might 
that not be prudent, unruh?

Thank you unruh.

-- 
~Ohmster

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Security breach? Ohmster <root@dev.nul> - 2013-01-10 23:29 -0600
  Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 05:59 +0000
    Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 06:10 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:45 -0600
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:44 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:06 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:26 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:45 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:24 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 19:34 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 02:16 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 21:04 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 05:44 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:29 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 03:01 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 07:24 -0500
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 14:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 10:45 -0500
                Re: Security breach? Jim Beard <jdbeard@patriot.net> - 2013-01-13 12:21 -0500
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 12:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:40 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 16:14 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 23:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 09:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 17:39 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 16:16 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 21:48 +0000
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:35 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:05 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:26 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 03:10 -0600
        Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 11:31 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:53 -0600
            Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:05 +0100
              Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:14 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:47 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:26 +0000
                Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-12 09:23 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:31 -0600
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:36 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-13 14:45 +0100
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:39 -0600
            Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:08 +0000
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:50 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:19 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:30 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:49 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:36 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:52 -0600
  Re: Security breach? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-01-11 03:10 -0500
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:39 -0600
  Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 10:53 +0000
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:12 -0600
      Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 22:53 +0100
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:57 -0600
          Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:29 +0100
            Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:55 -0600
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:59 +0100
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:07 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 00:24 +0100
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 17:48 -0600
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 18:07 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:16 +0000
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 12:13 +0100
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 18:30 +0000
      Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:07 +0000
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:22 -0600

csiph-web