files named: /.SeCuRiTy. on Solaris server

From: Toby Rider (tarider@blackmill.net)
Date: 07/24/01

Previous message: Alex Noordergraaf: "Announce: Building and Deploying OpenSSH on the Solaris OE"
Next in thread: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Brian Carpio: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Rob Lindenbusch: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Mike D. Kail: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Becker, Brian: "RE: files named: /.SeCuRiTy. on Solaris server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Jul 2001 10:55:20 -0700 (PDT)
From: Toby Rider <tarider@blackmill.net>
To: focus-sun@securityfocus.com
Subject: files named: /.SeCuRiTy. on Solaris server
Message-ID: <Pine.GSO.4.10.10107241035360.1251-100000@neuromancer>

Hello all,

        I noticed that in the root directory of one of my Solaris 7
Sparc servers I have about a hundred files named: .SeCuRiTy.<number> in
the root directory.
        They are all grouped in two days. They are all owned by daemon,
and all have 600 permissions.
        This machine is not open to direct access from the internet, it is
a NIS slave server and runs Veritas Netbackup Datacenter, and has the
latest recommended patch cluster from Sun.
        Obviously I am curious about these files, but I can't find any
info. on the web about this being a possible compromise.
        Does anyone know if this is the result of a compromise and where I
can get info. on this possible exploit? Thanks!

Toby A. Rider

Previous message: Alex Noordergraaf: "Announce: Building and Deploying OpenSSH on the Solaris OE"
Next in thread: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Brian Carpio: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Rob Lindenbusch: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Mike D. Kail: "Re: files named: /.SeCuRiTy. on Solaris server"
Reply: Becker, Brian: "RE: files named: /.SeCuRiTy. on Solaris server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: write with cURL
... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
(alt.php)
RE: Windows 2003 Server - Everyone Group
... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
(microsoft.public.win2000.networking)
Fail DBD::Mysql 4.003 installation
... This test requires a running server and write permissions. ... permissions, then retry. ... Failed 9/9 tests, 0.00% okay ...
(perl.dbi.users)
Re: write with cURL
... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
(alt.php)
Re: Virtual Directory - Permission Denied with fso CopyFile
... TestUser (normal user account with same credentials on all machines). ... I created a share on a remote server. ... reviewing it's sharing permissions and security tab permissions "everyone" ... "directory security" tab on the vdir and selecting, edit, edit and manually ...
(microsoft.public.inetserver.iis)