LinuxQuestions.org


foxxer 05-28-2005 10:05 AM

Security Warning: World Writable files found
 
Hi guys. I have received the following email from "root@root.root"

I assume it was sent by my Linux box to my mail account automatically?

What does it mean, and what steps should I take to fix the issue?

Quote:

Security Warning: World Writable files found :
Security Warning: World Writable files found :
- /sys/module/drm/parameters/debug
- /tmp/.ICE-unix
- /tmp/.X11-unix
- /tmp/.X11-unix/X0
- /tmp/.font-unix
- /tmp/.font-unix/fs-1
- /var/run/acpid.socket
- /var/run/dbus/system_dbus_socket
- /var/run/sdp
- /var/run/xdmctl/dmctl-:0/socket
- /var/run/xdmctl/dmctl/socket
- /var/spool/postfix/dev/log
- /var/spool/postfix/private/anvil
- /var/spool/postfix/private/bounce
- /var/spool/postfix/private/cyrus
- /var/spool/postfix/private/cyrus-chroot
- /var/spool/postfix/private/cyrus-deliver
- /var/spool/postfix/private/cyrus-inet
- /var/spool/postfix/private/defer
- /var/spool/postfix/private/error
- /var/spool/postfix/private/lmtp
- /var/spool/postfix/private/lmtp-filter
- /var/spool/postfix/private/local
- /var/spool/postfix/private/maildrop
- /var/spool/postfix/private/proxymap
- /var/spool/postfix/private/relay
- /var/spool/postfix/private/rewrite
- /var/spool/postfix/private/smtp
- /var/spool/postfix/private/smtp-filter
- /var/spool/postfix/private/tlsmgr
- /var/spool/postfix/private/trace
- /var/spool/postfix/private/uucp
- /var/spool/postfix/private/verify
- /var/spool/postfix/private/virtual
- /var/spool/postfix/public/cleanup
- /var/spool/postfix/public/flush
- /var/spool/postfix/public/pickup
- /var/spool/postfix/public/qmgr
- /var/spool/postfix/public/showq
- /var/spool/spamassassin
- /var/spool/spamassassin/auto-whitelist.db

Security Warning: these home directory should not be owned by someone else or writable :
user=gdm(75) : home directory is group writable.

Security Warning: These files belonging to packages are modified on the system :
- /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1
- /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1
- /usr/X11R6/lib/X11/icewm/menu
- /usr/X11R6/lib/X11/icewm/preferences
- /usr/share/a2ps/afm/fonts.map
- /usr/share/fax/hyla.conf
- /usr/share/fonts/ttf/decoratives/fonts.cache-1
- /usr/share/fonts/ttf/western/fonts.cache-1
- /var/lib/nfs/state

Security Warning: These config files belonging to packages are modified on the system :
- /etc/X11/fs/config
- /etc/X11/gdm/gdm.conf
- /etc/host.conf
- /etc/hotplug/blacklist
- /etc/info-dir
- /etc/inittab
- /etc/login.defs
- /etc/modprobe.conf
- /etc/modprobe.preload
- /etc/modules
- /etc/modules.conf
- /etc/mtools.conf
- /etc/ntp.conf
- /etc/pam.d/system-auth
- /etc/qtrc
- /etc/shorewall/interfaces
- /etc/shorewall/masq
- /etc/shorewall/policy
- /etc/shorewall/zones
- /etc/sysconfig/bootsplash
- /etc/sysconfig/firstboot
- /etc/sysconfig/harddrake2/previous_hw
- /etc/sysconfig/msec
- /etc/sysconfig/pcmcia
- /etc/sysconfig/rawdevices
- /etc/sysconfig/syslog
- /etc/sysctl.conf
- /etc/syslog.conf
- /etc/xml/catalog
- /usr/share/config/kdeglobals
- /usr/share/config/kdesktoprc
- /usr/share/config/kdm/kdmrc
- /usr/share/config/konquerorrc
- /usr/share/sgml/docbook/xmlcatalog

These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 relay:10026 *:* LISTEN 7791/master
tcp 0 0 *:sunrpc *:* LISTEN 6552/portmap
tcp 0 0 *:x11 *:* LISTEN 7114/X
tcp 0 0 relay:5335 *:* LISTEN 7179/mDNSResponder
tcp 0 0 *:919 *:* LISTEN 6673/rpc.statd
tcp 0 0 relay:smtp *:* LISTEN 7791/master
tcp 0 0 *:7741 *:* LISTEN 7878/lisa
udp 0 0 *:913 *:* 6673/rpc.statd
udp 0 0 *:916 *:* 6673/rpc.statd
udp 0 0 *:7741 *:* 7878/lisa
udp 0 0 *:bootpc *:* 4863/dhclient
udp 0 0 *:5353 *:* 7179/mDNSResponder
udp 0 0 *:sunrpc *:* 6552/portmap
raw 68272 0 *:icmp *:* 7 7878/lisa

jschiwal 05-28-2005 10:24 AM

I took a look in my /var/spool/postfix directory. While the files in the private directory are world writable, the 'x' bit on the /var/spool/postfix/private directory is clear, so only postfix can enter the directory.

drwx------ 2 postfix root 504 May 28 02:24 .
drwxr-xr-x 16 root root 384 Jan 26 11:29 ..
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 anvil
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 bounce
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 bsmtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 cyrus
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 defer
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 error
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 ifmail
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 lmtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 local
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 maildrop
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 procmail
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 proxymap
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 relay
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 rewrite
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 smtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 trace
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 uucp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 verify
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 virtual

drwxr-xr-x 16 root root 384 Jan 26 11:29 .
drwxr-xr-x 14 root root 368 Mar 4 01:28 ..
drwx------ 15 postfix root 360 May 23 03:41 active
drwx------ 3 postfix root 72 May 23 03:32 bounce
drwx------ 2 postfix root 48 Jan 26 11:29 corrupt
drwx------ 2 postfix root 48 Jan 26 11:29 defer
drwx------ 2 postfix root 48 Jan 26 11:29 deferred
drwx------ 2 postfix root 48 Jan 26 11:29 flush
drwx------ 2 postfix root 48 Jan 26 11:29 hold
drwx------ 15 postfix root 360 May 23 03:41 incoming
drwx-wx--- 2 postfix maildrop 48 May 23 03:41 maildrop
drwxr-xr-x 2 root root 208 May 28 01:00 pid
drwx------ 2 postfix root 504 May 28 02:24 private
drwx--x--- 2 postfix maildrop 168 May 28 02:24 public
drwx------ 2 postfix root 48 Jan 26 11:29 saved
drwx------ 8 postfix root 192 May 23 03:39 trace
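
Added example (not part of the original thread): the point in the post above, that a world-writable entry is only a concern if others can actually get into the directory holding it, written as a check. The names `others_can_reach`, `audit` and `build_demo` and the demo layout are constructed for illustration; only the "other" mode bits are examined (no ACLs or group membership), and directories above `root` are not checked.

```python
import os
import stat
import tempfile

def others_can_reach(path, root):
    """True if every directory from root down to path's parent grants x to 'other'."""
    root = os.path.abspath(root)
    d = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False          # e.g. drwx------ private: others cannot enter
        if d == root or os.path.dirname(d) == d:
            return True
        d = os.path.dirname(d)

def audit(root):
    """Sort world-writable entries under root by whether 'other' can get to them."""
    report = {"exposed": [], "shielded": [], "sticky-dir": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode) or not mode & stat.S_IWOTH:
                continue          # symlink modes are meaningless; skip non-o+w
            if not others_can_reach(path, root):
                kind = "shielded"
            elif stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
                kind = "sticky-dir"   # /tmp-style: o+w but deletion restricted
            else:
                kind = "exposed"
            report[kind].append(os.path.relpath(path, root))
    return {k: sorted(v) for k, v in report.items()}

def build_demo(root):
    """Constructed layout: regular files stand in for the Postfix sockets."""
    os.chmod(root, 0o755)
    for d, mode in (("spool", 0o755), ("spool/private", 0o700), ("tmp", 0o1777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    for f in ("spool/private/anvil", "spool/open.db"):
        p = os.path.join(root, f)
        open(p, "w").close()
        os.chmod(p, 0o666)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo(demo_root)
        for kind, paths in audit(demo_root).items():
            print(kind, paths)
```

Only the entries reported as "exposed" need a closer look; "shielded" ones match the `private` directory case shown in the listing above.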

foxxer 05-28-2005 11:01 AM

Okay, I've only been using Linux for 2 days lol

It's a Mandravia 10.1 distribution. And I have no idea what a postfix is.

What does it mean? Is there anything I should change?


Sorry lol

jschiwal 05-29-2005 04:18 PM

Postfix is an MTA. Mail Transfer Agent. It receives and sends email messages on your system. It is actually several programs.

You can read an overview in the documentation that came with it.
/usr/share/doc/packages/postfix/README_FILES/OVERVIEW

It includes a replacement of the sendmail program. You probably don't want to change anything unless you are sure what you are doing. You can use drakconf to change many of the settings.

There is a package you can install that adds a section for configuring servers, if that is what you want to do. I don't remember the name, however. wizdrake, drakwiz, wizarddrak? One of these names might be right. You would need to do this unless you want to run a mail server.

bulliver 05-31-2005 03:38 PM

Seems to me if you don't know what postfix is, you should not have it running. Does your machine require a mail server?

Atrocity 06-01-2005 01:56 PM

That's the same thing I was thinking: is there a reason you have a mail server running? Because if not, disable it immediately.

sigsegv 06-03-2005 12:17 AM

Judging by the OP's netstat output -- It's pretty safe to say that the MTA is only running on loopback ...

foxxer 06-04-2005 11:03 AM

No I was not aware of having a mail server installed.

I have installed three more Linux distributions after I made this post lol. Now I am back to Mandravia again, but only as Dual Boot together with WinXP since I would not manage to get WLAN and Stream Recording to run the way I wanted to.

I'm still thinking why I had an SMTP server running. Must have been one of the packs I installed?

Anyways I re-installed Linux, so the problem should be fixed now.

Thanks for the input. Great board ! Be warned that I will come back because I am sure that I still have loads to inquire about in the future. :rolleyes:


All times are GMT -5.