On Thu, 2002-10-31 at 07:02, Andrew Boring wrote: > I upgraded a box from 4.6 to 4.7 that is not in production yet. This was > my first time upgrading via CVS and make world and everything appeared to > go smoothly with no issues. > > However, the following day I received mail from the daily periodic scripts > Security Run Output: > > Checking setuid files and devices: > setuid diffs: > 1,50c1,50 > < 11 -r-sr-xr-x 1 root wheel 321100 Oct 8 11:12:48 2002 /bin/rcp > < 2761 -r-xr-sr-x 1 root kmem 65944 Oct 9 12:45:20 2002 > /sbin/ccdconfig > < 153 -r-sr-xr-x 1 root wheel 201836 Oct 9 12:45:27 2002 > /sbin/ping > < 154 -r-sr-xr-x 1 root wheel 202816 Oct 9 12:45:27 2002 > /sbin/ping6 > [...] > > Looking through the 100.chksetuid script, I am guessing that the security > script is warning me that the binaries have changed (as a result of the > source upgrade) and NOT that the permissions have changed or that more > have been added. Am I correct? I don't have a record or snapshot of the > permissions on all the binaries listed in the email to verify.
permissions, owner, group, filesize, date, filename ... anything that's different between the directory snapshot from the previous run and the current one. It's just a diff between two ls commands, but it's pretty effective for catching unusual goings on To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
