Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.os.linux.security > #203

Re: Security breach?

Newsgroups comp.os.linux.security
Subject Re: Security breach?
From Ohmster <root@dev.nul>
References (2 earlier) <i1OHs.32904$3S5.11697@newsfe18.iad> <XnsA14526347AB67MyBigKitty@216.196.97.131> <2R_Hs.22037$532.962@newsfe03.iad> <XnsA145B4AF1B265MyBigKitty@216.196.97.131> <L22Is.64415$LS5.15558@newsfe10.iad>
Organization Ohm's Fish Market
Message-ID <XnsA145D152BCD6MyBigKitty@216.196.97.131> (permalink)
Date 2013-01-11 19:34 -0600

Show all headers | View raw

unruh <unruh@invalid.ca> wrote in news:L22Is.64415$LS5.15558@newsfe10.iad:

> You also have an rpm based machine.
> rpm -Va>/tmp/verify
> then look through that to see files which have changed since
> installation. ( third  entry is a 5) Some should have changed
> (/etc/passwd for example) but some certainly should not. 
> 
> 
> Note on the find command
> find / -perm /6000 -ls
> will give more information about the permissions and the files. 
> The command looks for both suid and sgid files.  The former are of
> course more dangerous. Not all may be owned by root, but most will be.

Good idea. Man, I am getting so many I/O errors now that I cannot even run 
the find command anymore. But, I do have one that I made when you first 
suggested it. Look here:

http://home.comcast.net/~theohmster/text/suid_out.txt

The /mnt/media/... stuff is my two extra IDE drives, I do have copies of 
the previous system on them made with cp - a. 

Wow, this is more than I can do for one night, need to take a break. Thanks 
unruh.

-- 
~Ohmster

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Security breach? Ohmster <root@dev.nul> - 2013-01-10 23:29 -0600
  Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 05:59 +0000
    Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 06:10 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:45 -0600
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:44 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:06 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:26 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:45 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:24 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 19:34 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 02:16 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 21:04 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 05:44 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:29 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 03:01 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 07:24 -0500
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 14:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 10:45 -0500
                Re: Security breach? Jim Beard <jdbeard@patriot.net> - 2013-01-13 12:21 -0500
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 12:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:40 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 16:14 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 23:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 09:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 17:39 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 16:16 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 21:48 +0000
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:35 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:05 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:26 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 03:10 -0600
        Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 11:31 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:53 -0600
            Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:05 +0100
              Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:14 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:47 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:26 +0000
                Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-12 09:23 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:31 -0600
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:36 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-13 14:45 +0100
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:39 -0600
            Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:08 +0000
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:50 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:19 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:30 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:49 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:36 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:52 -0600
  Re: Security breach? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-01-11 03:10 -0500
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:39 -0600
  Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 10:53 +0000
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:12 -0600
      Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 22:53 +0100
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:57 -0600
          Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:29 +0100
            Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:55 -0600
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:59 +0100
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:07 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 00:24 +0100
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 17:48 -0600
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 18:07 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:16 +0000
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 12:13 +0100
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 18:30 +0000
      Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:07 +0000
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:22 -0600

csiph-web