LinuxQuestions.org


yocompia 05-17-2003 11:48 AM

did somebody bust my FW?
 
having just gotten my firewall to successfully function, i'm at a loss to understand if the following messages in my syslog indicate someone having accessed my computer.

May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: Change in World Writable Files found :
May 17 04:03:46 universal : - Newly added writable file : /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - No longer present writable file : /tmp/.ICE-unix/dcop2740-1052798608
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/blues
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/classical
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/country
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/data
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/folk
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/jazz
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/misc
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/newage
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/reggae
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/rock
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/soundtrack
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: the md5 checksum for one of your SUID files has changed,
May 17 04:03:46 universal : maybe an intruder modified one of these suid binary in order to put in a backdoor...
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/smbumount
May 17 04:03:46 universal : - Checksum changed file : /usr/sbin/smbmnt
May 17 04:03:46 universal :
May 17 04:03:46 universal : Security Warning: World Writable files found :
May 17 04:03:46 universal : - /lib/dev-state/dri
May 17 04:03:46 universal : - /lib/dev-state/dri/card0
May 17 04:03:46 universal : - /lib/dev-state/log
May 17 04:03:46 universal : - /tmp/.ICE-unix
May 17 04:03:46 universal : - /tmp/.ICE-unix/dcop2998-1053108309
May 17 04:03:46 universal : - /tmp/.X11-unix
May 17 04:03:46 universal : - /tmp/.X11-unix/X0
May 17 04:03:46 universal : - /tmp/.font-unix
May 17 04:03:46 universal : - /tmp/.font-unix/fs-1
May 17 04:03:46 universal : - /tmp/.s.PGSQL.5432
May 17 04:03:46 universal : - /var/apache-mm
May 17 04:03:46 universal : - /var/lib/sasl/mux
May 17 04:03:46 universal : - /var/prelude/socket
May 17 04:03:46 universal : - /var/spool/samba

i also suspect that this could be due to the fact that i recently updated all my programs via mdkupdate, which fixed a number of security issues, and that this is all a result of the first inspection of the new SUIDs and added/modified files. since i don't understand the nature of what's going on here, i'm trying to not login as su until some sort of resolution is obtained.

ERRATA: if i want tighter security settings and file permissions for system files on mdk can i do this both by chmod-ing the appropriate paths AND using the mdk control center settings?

DavidPhillips 05-17-2003 12:08 PM

You're ok, I would guess that the update has changed file permissions to correct a vulnerability that existed by having been world writable, the other warning seems to mean these files were updated, which could be a problem if you have not updated them. And some other files are writable, and possibly always were.

However, you could always go through the security checklist.

Check out the security forum, a lot of work has gone into the information found there.

http://www.linuxquestions.org/questi...threadid=45261
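
One way to test the "the update changed those SUID files" explanation, as an added example that is not part of the thread: pull the "Checksum changed file" paths out of the syslog report and compare each one with what the RPM database recorded for its owning package. The function names and `sample_log` are hypothetical, and an RPM-based system such as the Mandrake install in the question is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Sample input: lines copied from the report quoted in the question.
sample_log() {
cat <<'EOF'
May 17 04:03:46 universal : - No longer present writable file : /usr/share/apps/kscd/cddb/rock
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/cdrecord
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/kppp
May 17 04:03:46 universal : - Checksum changed file : /usr/bin/smbumount
May 17 04:03:46 universal : - Checksum changed file : /usr/sbin/smbmnt
EOF
}

# Read syslog text on stdin, print each "Checksum changed file" path once.
changed_suid_files() {
    sed -n 's|^.*- Checksum changed file : \(/[^[:space:]]*\)[[:space:]]*$|\1|p' | sort -u
}

# Classify one path against the RPM database:
#   unowned  - no package claims the file (or it is missing): look at it first
#   modified - digest on disk differs from the one the package recorded
#   matches  - file is the one the owning package installed
classify_file() {
    pkg=$(rpm -qf --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null | head -n 1)
    if [ -z "$pkg" ] || ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "unowned $1"
        return
    fi
    # rpm -Vf lists only files that fail verification; the third flag
    # character is '5' when the file digest does not match.
    if rpm -Vf "$1" 2>/dev/null |
        awk -v f="$1" '$NF == f && substr($1, 3, 1) == "5" { hit = 1 } END { exit !hit }'
    then
        echo "modified $1 ($pkg)"
    else
        echo "matches $1 ($pkg)"
    fi
}

# Triage every changed SUID file named in a syslog file.
triage() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    changed_suid_files < "$1" | while IFS= read -r path; do classify_file "$path"; done
}

# Usage: sh triage.sh /var/log/syslog
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

A "matches" result is consistent with the package update having replaced the binary. The RPM database sits on the same host, so it is only as trustworthy as that host.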


All times are GMT -5.