Re: Group permissions changed
From: Alan McKinnon (alan_at_linuxholdings.co.za)
Date: 09/29/05
- Previous message: sf_submit_at_yahoo.com: "Group permissions changed"
- In reply to: sf_submit_at_yahoo.com: "Group permissions changed"
- Next in thread: Eduardo Tongson: "Re: Group permissions changed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com Date: Thu, 29 Sep 2005 18:31:06 +0200
On Wednesday, 28 September 2005 20:33, sf_submit@yahoo.com wrote:
> I posted this before on the security basics, but haven't recieved a
> response, and it worries me a bit, so I'm sending this to a few
> other groups in hopes that someone will have an idea about it.
>
> ---
>
> Fairly recently I noticed my ftp client wouldn't list files in
> certain directories on my server anymore - so I ssh'd in (it's
> dedicated), and did a ls -aFl on the files, hoping to see what the
> problem was - here are a few of the results:
>
> -rw-r--r-- 1 larry 503 371 2005-02-25 08:36 head.php
> -rw-r--r-- 1 larry 48 873 2005-09-09 03:23 foot.php
>
> I never set the group ids to 503 or 48, so I checked just to make
> sure - and no groups with those ids even exist. Is there an
> exploit/tool that causes this, and should I be worried?
>
> I checked the processes running, and everything seems to be OK -
> same with any processes connecting to the internet.
>
> I'd appreciate any comments
first step is probably to see how many other files don't have valid
users and groups:
find . -nouser
find . -nogroup
and take it from there
-- Alan McKinnon alan at linuxholdings dot co dot za +27 82, double three seven, one nine three five
- Previous message: sf_submit_at_yahoo.com: "Group permissions changed"
- In reply to: sf_submit_at_yahoo.com: "Group permissions changed"
- Next in thread: Eduardo Tongson: "Re: Group permissions changed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
