I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)
Could someboddy advice me on what can have happened?
What ports have you updated? You can check if any of them has
installed new files in /sbin by running `pkg_info -L
your_updated_port-version`. See the -L option of pkg_info(1) in the
man page 

You can also consider installing a Host Based Integrity Monitoring
software. I use Osiris which is quite simple to setup and administer.
It's already in the ports as security/osiris which you can get there:

Of course, don't install osiris on a machine which you're not sure if
it has been tampered with, it would defeat the purpose... You can also
take a look at other integrity checking software such as Samhain,
Tripwire or aide.


David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to