did somebody bust my FW?
having just gotten my firewall to successfully function, i'm at a loss to understand if the following messages in my syslog indicate someone having accessed my computer.
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: Change in World Writable Files found :
May 17 04:03:46 universal : - Newly added writable file : /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - No longer present writable file : /tmp/.ICE-unix/dcop2740-1052798608
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/blues
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/classical
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/country
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/data
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/folk
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/jazz
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/misc
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/newage
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/reggae
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/rock
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/soundtrack
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: the md5 checksum for one of your SUID files has changed,
May 17 04:03:46 universal : maybe an intruder modified one of these suid binary in order to put in a backdoor...
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/smbumount
May 17 04:03:46 universal : - Checksum changed file : /usr/sbin/smbmnt
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: World Writable files found :
May 17 04:03:46 universal : - /lib/dev-state/dri
May 17 04:03:46 universal : - /lib/dev-state/dri/card0
May 17 04:03:46 universal : - /lib/dev-state/log
May 17 04:03:46 universal : - /tmp/.ICE-unix
May 17 04:03:46 universal : - /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - /tmp/.X11-unix
May 17 04:03:46 universal : - /tmp/.X11-unix/X0
May 17 04:03:46 universal : - /tmp/.font-unix
May 17 04:03:46 universal : - /tmp/.font-unix/fs-1
May 17 04:03:46 universal : - /tmp/.s.PGSQL.5432
May 17 04:03:46 universal : - /var/apache-mm
May 17 04:03:46 universal : - /var/lib/sasl/mux
May 17 04:03:46 universal : - /var/prelude/socket
May 17 04:03:46 universal : - /var/spool/samba

i also suspect that this could be due to the fact that i recently updated all my programs via mdkupdate, which fixed a number of security issues, and that this is all a result of the first inspection of the new SUIDs and added/modified files. since i don't understand the nature of what's going on here, i'm trying to not login as su until some sort of resolution is obtained.

ERRATA: if i want tighter security settings and file permissions for system files on mdk can i do this both by chmod-ing the appropriate paths AND using the mdk control center settings?
You're ok. I would guess that the update has changed file permissions to correct a vulnerability that existed by having been world writable. The other warning seems to mean these files were updated, which could be a problem if you have not updated them. And some other files are writable, and possibly always were.
However, you could always go through the security checklist; check out the security forum, a lot of work has gone into the information found there. http://www.linuxquestions.org/questi...threadid=45261
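
An added example, not part of either post above: one way to check the guess that the mdkupdate run explains the changed SUID checksums is to extract the flagged paths from the report and compare each file with the RPM database. The function names and the sample variable are hypothetical; the log lines are a constructed sample copied from the report quoted in the question.

```shell
#!/bin/sh
# Added example: pull the "Checksum changed file" paths out of an msec
# report and ask the RPM database whether a package update explains them.

# Constructed sample, copied from the report lines quoted in the question.
SAMPLE_LOG='May 17 04:03:46 universal : Security Warning: the md5 checksum for one of your SUID files has changed,
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/smbumount
May 17 04:03:46 universal : - Checksum changed file : /usr/sbin/smbmnt
May 17 04:03:46 universal : - /tmp/.X11-unix'

# Print one path per line for every "Checksum changed file" entry on stdin.
changed_suid_files() {
    sed -n 's|^.*- Checksum changed file : \(/.*\)$|\1|p' | sort -u
}

# For one path: name the owning package and its install time, then verify
# the file against the digest, mode and ownership the package recorded.
check_against_rpm() {
    f=$1
    if ! pkg=$(rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE} installed %{INSTALLTIME:date}\n' "$f" 2>/dev/null); then
        echo "UNOWNED  $f (no package claims this file)"
        return 1
    fi
    echo "OWNED    $f -> $pkg"
    # rpm -Vf prints one line per file that differs from the package
    # database; no line ending in this path means the file matches.
    if rpm -Vf "$f" 2>/dev/null | awk -v p="$f" '$NF == p { hit = 1 } END { exit !hit }'; then
        echo "MODIFIED $f differs from its package"
        return 1
    fi
    echo "CLEAN    $f matches its package"
}

# Driver: only query the RPM database on systems that have rpm installed.
if command -v rpm >/dev/null 2>&1; then
    printf '%s\n' "$SAMPLE_LOG" | changed_suid_files | while read -r f; do
        check_against_rpm "$f" || true
    done
fi
```

A CLEAN result relies on the local RPM database, so it supports the update explanation only as far as that database itself is trusted.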