LinuxQuestions.org
Old 05-17-2003, 12:48 PM   #1
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
did somebody bust my FW?


having just gotten my firewall to successfully function, i'm at a loss to understand if the following messages in my syslog indicate someone having accessed my computer.

May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: Change in World Writable Files found :
May 17 04:03:46 universal : - Newly added writable file : /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - No longer present writable file : /tmp/.ICE-unix/dcop2740-1052798608
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/blues
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/classical
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/country
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/data
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/folk
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/jazz
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/misc
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/newage
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/reggae
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/rock
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/soundtrack
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: the md5 checksum for one of your SUID files has changed,
May 17 04:03:46 universal : maybe an intruder modified one of these suid binary in order to put in a backdoor...
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/smbumount
May 17 04:03:46 universal : - Checksum changed file : /usr/sbin/smbmnt
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: World Writable files found :
May 17 04:03:46 universal : - /lib/dev-state/dri
May 17 04:03:46 universal : - /lib/dev-state/dri/card0
May 17 04:03:46 universal : - /lib/dev-state/log
May 17 04:03:46 universal : - /tmp/.ICE-unix
May 17 04:03:46 universal : - /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - /tmp/.X11-unix
May 17 04:03:46 universal : - /tmp/.X11-unix/X0
May 17 04:03:46 universal : - /tmp/.font-unix
May 17 04:03:46 universal : - /tmp/.font-unix/fs-1
May 17 04:03:46 universal : - /tmp/.s.PGSQL.5432
May 17 04:03:46 universal : - /var/apache-mm
May 17 04:03:46 universal : - /var/lib/sasl/mux
May 17 04:03:46 universal : - /var/prelude/socket
May 17 04:03:46 universal : - /var/spool/samba

i also suspect that this could be due to the fact that i recently updated all my programs via mdkupdate, which fixed a number of security issues, and that this is all a result of the first inspection of the new SUIDs and added/modified files. since i don't understand the nature of what's going on here, i'm trying to not login as su until some sort of resolution is obtained.

ERRATA: if i want tighter security settings and file permissions for system files on mdk can i do this both by chmod-ing the appropriate paths AND using the mdk control center settings?
 
Old 05-17-2003, 01:08 PM   #2
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
You're ok, I would guess that the update has changed file permissions to correct a vulnerability that existed by having been world writable, the other warning seems to mean these files were updated, which could be a problem if you have not updated them. And some other files are writable, and possibly always were.

However you could always go through the security checklist

check out the security forum, a lot of work has gone into the information found there.

http://www.linuxquestions.org/questi...threadid=45261

Last edited by DavidPhillips; 05-17-2003 at 01:11 PM.
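
One way to check the point made in the reply above, that changed SUID checksums should line up with packages that were actually updated. This is an added example, not part of the original thread; the function names are hypothetical and it assumes an RPM-based system such as the Mandrake install described in the question.

```shell
#!/bin/sh
# Added example: triage "Checksum changed file" entries from a report
# shaped like the one quoted in the question.

# Constructed sample lines in the same format as the quoted report.
SAMPLE_LOG='May 17 04:03:46 universal : Security Warning: the md5 checksum for one of your SUID files has changed,
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/rock
May 17 04:03:46 universal : - Newly added writable file : /tmp/.ICE-unix/dcop2998-1053108309'

# report_paths CATEGORY: read report text on stdin, print the paths listed
# under one category, e.g. "Checksum changed file".
report_paths() {
    sed -n "s|^.* : - $1 : \(/.*\)\$|\1|p"
}

# classify_file PATH: compare one file with the RPM database.
#   no-rpm   - rpm is not installed, nothing to compare against
#   unowned  - no package claims the file, so no update explains the change
#   modified - content digest differs from what the owning package installed
#   clean    - file matches its package, as expected after a real update
classify_file() {
    command -v rpm >/dev/null 2>&1 || { echo no-rpm; return 0; }
    rpm -qf "$1" >/dev/null 2>&1 || { echo unowned; return 0; }
    # rpm -V prints one line per failing file; a "5" in the flag column
    # marks a digest mismatch.
    if rpm -Vf "$1" 2>/dev/null |
        awk -v f="$1" '$NF == f && $1 ~ /5/ { hit = 1 } END { exit !hit }'
    then echo modified
    else echo clean
    fi
}

# triage: read report text on stdin, print "verdict<TAB>path" per changed file.
triage() {
    report_paths 'Checksum changed file' | while read -r f; do
        printf '%s\t%s\n' "$(classify_file "$f")" "$f"
    done
}

# With a log file as argument, triage it; otherwise do nothing.
if [ "$#" -gt 0 ]; then triage < "$1"; fi
```

Pass the log file that contains the report as the first argument. A "clean" verdict only says the file agrees with the local RPM database, so on a host that is already distrusted the comparison should be repeated against packages from known-good media.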
 
  


All times are GMT -5.