LinuxQuestions.org
Old 05-28-2005, 11:05 AM   #1
foxxer
LQ Newbie
 
Registered: May 2005
Location: Europe
Distribution: Mandravia 10.1
Posts: 10

Rep: Reputation: 0
Security Warning: World Writable files found


Hi guys. I have received the following email from "root@root.root".

I assume it was sent by my Linux box to my mail account automatically?

What does it mean, and what steps should I take to fix the issue?

Quote:
Security Warning: World Writable files found :
Security Warning: World Writable files found :
- /sys/module/drm/parameters/debug
- /tmp/.ICE-unix
- /tmp/.X11-unix
- /tmp/.X11-unix/X0
- /tmp/.font-unix
- /tmp/.font-unix/fs-1
- /var/run/acpid.socket
- /var/run/dbus/system_dbus_socket
- /var/run/sdp
- /var/run/xdmctl/dmctl-:0/socket
- /var/run/xdmctl/dmctl/socket
- /var/spool/postfix/dev/log
- /var/spool/postfix/private/anvil
- /var/spool/postfix/private/bounce
- /var/spool/postfix/private/cyrus
- /var/spool/postfix/private/cyrus-chroot
- /var/spool/postfix/private/cyrus-deliver
- /var/spool/postfix/private/cyrus-inet
- /var/spool/postfix/private/defer
- /var/spool/postfix/private/error
- /var/spool/postfix/private/lmtp
- /var/spool/postfix/private/lmtp-filter
- /var/spool/postfix/private/local
- /var/spool/postfix/private/maildrop
- /var/spool/postfix/private/proxymap
- /var/spool/postfix/private/relay
- /var/spool/postfix/private/rewrite
- /var/spool/postfix/private/smtp
- /var/spool/postfix/private/smtp-filter
- /var/spool/postfix/private/tlsmgr
- /var/spool/postfix/private/trace
- /var/spool/postfix/private/uucp
- /var/spool/postfix/private/verify
- /var/spool/postfix/private/virtual
- /var/spool/postfix/public/cleanup
- /var/spool/postfix/public/flush
- /var/spool/postfix/public/pickup
- /var/spool/postfix/public/qmgr
- /var/spool/postfix/public/showq
- /var/spool/spamassassin
- /var/spool/spamassassin/auto-whitelist.db

Security Warning: these home directory should not be owned by someone else or writable :
user=gdm(75) : home directory is group writable.

Security Warning: These files belonging to packages are modified on the system :
- /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1
- /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1
- /usr/X11R6/lib/X11/icewm/menu
- /usr/X11R6/lib/X11/icewm/preferences
- /usr/share/a2ps/afm/fonts.map
- /usr/share/fax/hyla.conf
- /usr/share/fonts/ttf/decoratives/fonts.cache-1
- /usr/share/fonts/ttf/western/fonts.cache-1
- /var/lib/nfs/state

Security Warning: These config files belonging to packages are modified on the system :
- /etc/X11/fs/config
- /etc/X11/gdm/gdm.conf
- /etc/host.conf
- /etc/hotplug/blacklist
- /etc/info-dir
- /etc/inittab
- /etc/login.defs
- /etc/modprobe.conf
- /etc/modprobe.preload
- /etc/modules
- /etc/modules.conf
- /etc/mtools.conf
- /etc/ntp.conf
- /etc/pam.d/system-auth
- /etc/qtrc
- /etc/shorewall/interfaces
- /etc/shorewall/masq
- /etc/shorewall/policy
- /etc/shorewall/zones
- /etc/sysconfig/bootsplash
- /etc/sysconfig/firstboot
- /etc/sysconfig/harddrake2/previous_hw
- /etc/sysconfig/msec
- /etc/sysconfig/pcmcia
- /etc/sysconfig/rawdevices
- /etc/sysconfig/syslog
- /etc/sysctl.conf
- /etc/syslog.conf
- /etc/xml/catalog
- /usr/share/config/kdeglobals
- /usr/share/config/kdesktoprc
- /usr/share/config/kdm/kdmrc
- /usr/share/config/konquerorrc
- /usr/share/sgml/docbook/xmlcatalog

These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 relay:10026 *:* LISTEN 7791/master
tcp 0 0 *:sunrpc *:* LISTEN 6552/portmap
tcp 0 0 *:x11 *:* LISTEN 7114/X
tcp 0 0 relay:5335 *:* LISTEN 7179/mDNSResponder
tcp 0 0 *:919 *:* LISTEN 6673/rpc.statd
tcp 0 0 relay:smtp *:* LISTEN 7791/master
tcp 0 0 *:7741 *:* LISTEN 7878/lisa
udp 0 0 *:913 *:* 6673/rpc.statd
udp 0 0 *:916 *:* 6673/rpc.statd
udp 0 0 *:7741 *:* 7878/lisa
udp 0 0 *:bootpc *:* 4863/dhclient
udp 0 0 *:5353 *:* 7179/mDNSResponder
udp 0 0 *:sunrpc *:* 6552/portmap
raw 68272 0 *:icmp *:* 7 7878/lisa
 
Old 05-28-2005, 11:24 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681
I took a look in my /var/spool/postfix directory. While the files in the private directory are world writable, the 'x' bit on the /var/spool/postfix/private directory is clear, so only postfix can enter the directory.

drwx------ 2 postfix root 504 May 28 02:24 .
drwxr-xr-x 16 root root 384 Jan 26 11:29 ..
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 anvil
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 bounce
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 bsmtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 cyrus
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 defer
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 error
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 ifmail
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 lmtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 local
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 maildrop
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 procmail
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 proxymap
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 relay
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 rewrite
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 smtp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 trace
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 uucp
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 verify
srw-rw-rw- 1 postfix postfix 0 May 28 02:24 virtual

drwxr-xr-x 16 root root 384 Jan 26 11:29 .
drwxr-xr-x 14 root root 368 Mar 4 01:28 ..
drwx------ 15 postfix root 360 May 23 03:41 active
drwx------ 3 postfix root 72 May 23 03:32 bounce
drwx------ 2 postfix root 48 Jan 26 11:29 corrupt
drwx------ 2 postfix root 48 Jan 26 11:29 defer
drwx------ 2 postfix root 48 Jan 26 11:29 deferred
drwx------ 2 postfix root 48 Jan 26 11:29 flush
drwx------ 2 postfix root 48 Jan 26 11:29 hold
drwx------ 15 postfix root 360 May 23 03:41 incoming
drwx-wx--- 2 postfix maildrop 48 May 23 03:41 maildrop
drwxr-xr-x 2 root root 208 May 28 01:00 pid
drwx------ 2 postfix root 504 May 28 02:24 private
drwx--x--- 2 postfix maildrop 168 May 28 02:24 public
drwx------ 2 postfix root 48 Jan 26 11:29 saved
drwx------ 8 postfix root 192 May 23 03:39 trace
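
The point made in the post above, as an added example that is not part of the original thread: a world-writable entry can only be reached by other users if every directory above it has the "other" search bit (o+x) set, so a report like the one quoted can be triaged by finding the first ancestor that blocks access. The function names and the demo tree are constructed for illustration; only the "other" permission class is checked, not group membership or ACLs.

```shell
#!/bin/sh
# Added example (not from the thread); function names are illustrative.

# has_mode PATH OCTAL: succeeds if PATH has every permission bit in OCTAL set.
has_mode() {
    [ -n "$(find -H "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# blocking_dir PATH [BASE]: walk from PATH's parent up to BASE (default /)
# and print the first directory that lacks the "other" search bit (o+x).
blocking_dir() {
    dir=$(dirname "$1")
    base=${2:-/}
    while :; do
        if ! has_mode "$dir" 0001; then
            printf '%s\n' "$dir"
            return 0
        fi
        if [ "$dir" = "$base" ] || [ "$dir" = "/" ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# classify PATH [BASE]: print not-world-writable, shielded:<dir> or exposed.
classify() {
    if ! has_mode "$1" 0002; then
        echo "not-world-writable"
        return 0
    fi
    blocker=$(blocking_dir "$1" "$2")
    if [ -n "$blocker" ]; then
        echo "shielded:$blocker"
    else
        echo "exposed"
    fi
}

# Constructed demo tree: regular files stand in for the Postfix sockets.
demo() {
    t=$(mktemp -d) && chmod 755 "$t" || return 1
    mkdir -p "$t/spool/private" "$t/open"
    touch "$t/spool/private/anvil" "$t/open/scratch"
    chmod 666 "$t/spool/private/anvil" "$t/open/scratch"
    chmod 755 "$t/spool" "$t/open"; chmod 700 "$t/spool/private"
    classify "$t/spool/private/anvil" "$t"   # shielded by the 0700 directory
    classify "$t/open/scratch" "$t"          # exposed: every ancestor has o+x
    rm -rf "$t"
}
demo
```

On a real system, call `classify` with each path from the report and no second argument so that the walk continues up to `/`.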
 
Old 05-28-2005, 12:01 PM   #3
foxxer
LQ Newbie
 
Registered: May 2005
Location: Europe
Distribution: Mandravia 10.1
Posts: 10

Original Poster
Rep: Reputation: 0
Okay, I've only been using Linux for 2 days lol

It's a Mandravia 10.1 distribution. And I have no idea what a postfix is.

What does it mean? Is there anything I should change?


Sorry lol
 
Old 05-29-2005, 05:18 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681
Postfix is an MTA (Mail Transfer Agent). It receives and sends email messages on your system. It is actually several programs.

You can read an overview in the documentation that came with it.
/usr/share/doc/packages/postfix/README_FILES/OVERVIEW

It includes a replacement of the sendmail program. You probably don't want to change anything unless you are sure what you are doing. You can use drakconf to change many of the settings.

There is a package you can install that adds a section for configuring servers, if that is what you want to do. I don't remember the name, however. wizdrake, drakwiz, wizarddrak? One of these names might be right. You would need to do this unless you want to run a mail server.
 
Old 05-31-2005, 04:38 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
Seems to me if you don't know what postfix is, you should not have it running. Does your machine require a mail server?
 
1 members found this post helpful.
Old 06-01-2005, 02:56 PM   #6
Atrocity
Member
 
Registered: Nov 2002
Location: Hell
Distribution: FreeBSD, Slackware
Posts: 308

Rep: Reputation: 30
That's the same thing I was thinking: is there a reason you have a mail server running? Because if not, disable it immediately.
 
Old 06-03-2005, 01:17 AM   #7
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Judging by the OP's netstat output -- It's pretty safe to say that the MTA is only running on loopback ...
 
Old 06-04-2005, 12:03 PM   #8
foxxer
LQ Newbie
 
Registered: May 2005
Location: Europe
Distribution: Mandravia 10.1
Posts: 10

Original Poster
Rep: Reputation: 0
No I was not aware of having a mail server installed.

I have installed three more Linux distributions after I made this post lol. Now I am back to Mandravia again, but only as Dual Boot together with WinXP since I would not manage to get WLAN and Stream Recording to run the way I wanted to.

I'm still thinking why I had an SMTP server running. Must have been one of the packs I installed?

Anyways I re-installed Linux, so the problem should be fixed now.

Thanks for the input. Great board! Be warned that I will come back because I am sure that I still have loads to inquire about in the future.
 
  


All times are GMT -5. The time now is 07:13 AM.
