James wrote:
> Hello
>
> I was performing a routine security audit using:
>
> find / -user root -perm -4000 -print
>
> which found these peculiar files:
>
> /usr/athena/bin/su
> /usr/athena/bin/otp
> /usr/athena/bin/rcp
> /usr/athena/bin/rsh
> /usr/athena/bin/rlogin
>
>
> upon greater inspection this is most troubling:
>
> -rws--x--x 1 root root 108416 May 4 19:52 /usr/athena/bin/su
> -rws--x--x 1 root root 105640 May 4 19:52 /usr/athena/bin/otp
> -rws--x--x 1 root root 95840 May 4 19:52 /usr/athena/bin/rlogin
>
>
> Are these part of a normal gentoo system running hardened, or is it
> time to re-install this machine?

Have you tried checking which (if any) packages own these files? Have you built anything yourself outside of portage that could have installed them?

Thanks,
Donnie
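
The ownership check suggested in the reply can be scripted against Portage's installed-package database; the following is an added example, not part of either message. It assumes the database lives at /var/db/pkg with one CONTENTS file per package, and the function names `owner_of` and `audit_suid` are hypothetical. On a live system `equery belongs` or `qfile` answer the same question for a single path.

```shell
#!/bin/sh
# Added example: map setuid-root files to the Portage package that owns them.
# Assumption: the installed-package database uses the layout
#   <vdb>/<category>/<package-version>/CONTENTS
# with regular files recorded as:  obj <path> <md5> <mtime>

# owner_of VDB PATH -> prints "category/package-version"; returns 1 if unowned
owner_of() {
    vdb=$1 target=$2
    for contents in "$vdb"/*/*/CONTENTS; do
        [ -f "$contents" ] || continue
        # Rebuild the path from fields 2..NF-2 so paths with spaces still match.
        if awk -v t="$target" '
            $1 == "obj" {
                p = $2
                for (i = 3; i <= NF - 2; i++) p = p " " $i
                if (p == t) found = 1
            }
            END { exit !found }' "$contents"; then
            pkgdir=${contents%/CONTENTS}
            catdir=${pkgdir%/*}
            echo "${catdir##*/}/${pkgdir##*/}"
            return 0
        fi
    done
    return 1
}

# audit_suid VDB ROOT -> one line per setuid-root file: "<owner|UNOWNED> <path>"
audit_suid() {
    vdb=$1 root=$2
    find "$root" -xdev -type f -user root -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        if pkg=$(owner_of "$vdb" "$f"); then
            echo "$pkg $f"
        else
            echo "UNOWNED $f"
        fi
    done
}

# Typical use on a Gentoo host:  audit_suid /var/db/pkg /
```

Files reported as UNOWNED are the ones to investigate first; for owned files, the md5 and mtime recorded in CONTENTS can then be compared with what is on disk.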