Change in suid root files
From: Robert (robert_schmidli@hotmail.com)
Date: 04/02/03
- Next message: Chris Lowth: "Re: iptables and NFS"
- Previous message: Alessandro Selli: "Xterm SUID root?"
- Next in thread: Wojtek Walczak: "Re: Change in suid root files"
- Reply: Wojtek Walczak: "Re: Change in suid root files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Robert" <robert_schmidli@hotmail.com> Date: Wed, 2 Apr 2003 21:19:39 +1000
I am running Mandrake 9.0 on a permanent internet connection. I have msec
running (level 3). I frequently get the following messages.
Security Warning: Change in Suid Root files found :
- No longer present suid root file : /bin/mount
- No longer present suid root file : /bin/ping
- No longer present suid root file : /bin/su
- No longer present suid root file : /bin/umount
- No longer present suid root file : /sbin/pwdb_chkpwd
- No longer present suid root file : /sbin/unix_chkpwd
- No longer present suid root file : /usr/X11R6/bin/Xwrapper
- No longer present suid root file : /usr/bin/at
- No longer present suid root file : /usr/bin/cdrecord
[more follows]
What is the likely cause of this? I run chkrootkit regularly and it doesn't
pick up any evidence of an intrusion. Could something else be running that
is changing the file properties?
Could someone direct me to a url that explains what suids are all about?
- Next message: Chris Lowth: "Re: iptables and NFS"
- Previous message: Alessandro Selli: "Xterm SUID root?"
- Next in thread: Wojtek Walczak: "Re: Change in suid root files"
- Reply: Wojtek Walczak: "Re: Change in suid root files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
