Thank you for clarifying! Yes, I misunderstood what was meant by setuid
change, it makes sense it is checking for any change in a setuid binary.
It may be worth changing the wording in the security(8) message from
Setuid changes:
to
Changed setuid binaries:
as this would eliminate
the man page says:
o Check for changes in setuid/setgid files and devices.
Those setuid binaries did change. They were replaced. The sizes
are different also. That's because there is a libc.a change and
these are static binaries.
the security script is not not just reporting whether set
Hi all,
security(8) sent me an alert that Setuid changed on /sbin/ping and
/sbin/ping6:
Running security(8):
Setuid changes:
-r-sr-xr-x 2 root bin 347728 Sep 27 17:40:01 2022 /sbin/ping
-r-sr-xr-x 1 root bin 347776 Mar 11 19:42:17 2023 /sbin/ping
-r-sr-xr-
3 matches
Mail list logo
