Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.kei.com!news.mathworks.com!newsfeed.internetmci.com!news.sprintlink.net!dns.crocker.com!wizard.pn.com!news.zeitgeist.net!news.icinet.net!newsadm From: larryt@goldrush.com Newsgroups: comp.unix.bsd.bsdi.misc Subject: Daily Insecurity Report? Need interpretation.... Date: 17 Oct 1995 15:46:07 GMT Organization: Goldrush World Access Lines: 105 Message-ID: <460j3v$euu@SNEEZY.icinet.net> NNTP-Posting-Host: acme.goldrush.com X-Newsreader: AIR News 3.X (SPRY, Inc.) I got this message from the daily script. I really don't understand what it is trying to tell me. The only thing that happened was that the disk filled the day before, so whould that have caused these problems? Or, has someone comprimised my system? Any help understanding the implication would be greatly appreciated. Thanks in advance, --Larry > Checking setuid files and devices: > Setuid additions: > -r-xr-sr-x 1 bin kmem 1240 Feb 3 17:22:34 1995 /sbin/dmesg > -r-sr-sr-x 2 root tty 28672 Aug 12 07:04:22 1995 /sbin/dump > -r-sr-sr-x 1 root tty 28672 Feb 7 08:49:40 1995 /sbin/dump.orig > -r-sr-xr-x 1 root bin 2416 Feb 3 17:22:54 1995 /sbin/mount_msdos > -r-sr-xr-x 1 root bin 1804 Feb 3 17:23:02 1995 /sbin/mount_union > -r-sr-xr-x 1 root bin 12288 Feb 3 17:23:10 1995 /sbin/ping > -r-sr-sr-x 2 root tty 28672 Aug 12 07:04:22 1995 /sbin/rdump > -r-sr-sr-x 2 root tty 40960 Aug 12 07:04:22 1995 /sbin/restore > -r-sr-sr-x 1 root tty 40960 Feb 3 17:23:17 1995 /sbin/restore.orig > -r-sr-xr-x 1 root bin 20480 Feb 3 17:23:20 1995 /sbin/route > -r-sr-sr-x 2 root tty 40960 Aug 12 07:04:22 1995 /sbin/rrestore > -r-sr-x--- 1 root operator 3952 Feb 3 17:23:26 1995 /sbin/shutdown > prw-r--r-- 1 root wheel 0 Oct 6 23:15:46 1995 /tmp/pub_alisten > prw-r--r-- 1 root wheel 0 Oct 6 23:15:46 1995 /tmp/pub_dlisten > -r-sr-xr-x 3 root bin 24576 Aug 12 07:04:33 1995 /usr/bin/at > -r-sr-xr-x 1 root bin 24576 Feb 3 17:27:55 1995 /usr/bin/at.orig > -r-sr-xr-x 3 root bin 24576 Aug 12 07:04:33 1995 /usr/bin/atq > -r-sr-xr-x 3 root bin 24576 Aug 12 07:04:33 1995 /usr/bin/atrm > -r-sr-xr-x 3 root bin 12288 Feb 3 17:28:26 1995 /usr/bin/chfn > -r-sr-xr-x 3 root bin 12288 Feb 3 17:28:26 1995 /usr/bin/chpass > -r-sr-xr-x 3 root bin 12288 Feb 3 17:28:26 1995 /usr/bin/chsh > -rws--x--x 1 root bin 20480 Feb 3 17:28:37 1995 /usr/bin/crontab > -r-s--x--- 2 uucp dialer 28672 Feb 3 17:32:42 1995 /usr/bin/cu > -r-xr-sr-x 1 bin kmem 12288 Feb 3 17:29:08 1995 /usr/bin/fstat > -r-sr-xr-x 1 root bin 1924 Feb 3 17:31:16 1995 /usr/bin/lock > -r-sr-sr-x 1 root daemon 12288 Feb 3 17:35:23 1995 /usr/bin/lpq > -r-sr-sr-x 1 root daemon 12288 Feb 3 17:35:24 1995 /usr/bin/lpr > -r-sr-sr-x 1 root daemon 12288 Feb 3 17:35:25 1995 /usr/bin/lprm > -r-sr-sr-x 3 root kmem 147456 Aug 12 07:05:09 1995 /usr/bin/mailq > -r-sr-sr-x 3 root kmem 147456 Aug 12 07:05:09 1995 > /usr/bin/newaliases -r-xr-sr-x 1 bin kmem 3496 Feb 3 17:31:40 1995 > /usr/bin/nfsstat -r-sr-xr-x 1 root bin 1632 Aug 12 07:07:22 1995 > /usr/bin/passwd -r-sr-xr-x 1 root bin 1620 Feb 3 17:31:45 1995 > /usr/bin/passwd.orig -r-sr-x--- 1 root netdial 20480 Aug 12 07:03:53 > 1995 /usr/bin/ppp -r-sr-x--- 1 root netdial 20480 Feb 3 17:31:47 > 1995 /usr/bin/ppp.orig -r-sr-xr-x 1 root bin 3664 Feb 3 17:31:56 > 1995 /usr/bin/quota -r-sr-xr-x 1 root bin 32768 Feb 3 17:32:10 1995 > /usr/bin/rdist -r-sr-xr-x 1 root bin 12288 Feb 3 17:32:13 1995 > /usr/bin/rlogin -r-sr-xr-x 1 root bin 4184 Feb 3 17:32:21 1995 > /usr/bin/rsh -r-sr-xr-x 1 root bin 548 Feb 3 17:34:37 1995 > /usr/bin/rundos -r-sr-xr-x 1 root bin 2192 Feb 3 17:32:35 1995 > /usr/bin/su -r-xr-sr-x 1 bin kmem 32768 Feb 3 17:34:40 1995 > /usr/bin/systat -r-s--x--- 2 uucp dialer 28672 Feb 3 17:32:42 1995 > /usr/bin/tip -r-xr-sr-x 2 bin kmem 12288 Feb 3 17:33:53 1995 > /usr/bin/uptime ---s--s--x 1 uucp uucp 40960 Feb 3 17:33:16 1995 > /usr/bin/uucp ---s--s--x 1 uucp uucp 20480 Feb 3 17:33:26 1995 > /usr/bin/uuname -r-sr-sr-x 1 uucp uucp 3168 Feb 3 17:33:28 1995 > /usr/bin/uusnap ---s--s--x 1 uucp uucp 36864 Feb 3 17:33:18 1995 > /usr/bin/uux -r-sr-xr-x 1 root bin 1708 Aug 12 07:04:10 1995 > /usr/bin/vgafont -r-sr-xr-x 1 root bin 1936 Feb 3 17:34:42 1995 > /usr/bin/vgafont.orig -r-xr-sr-x 2 bin kmem 12288 Feb 3 17:33:53 > 1995 /usr/bin/w -r-xr-sr-x 1 bin tty 2828 Feb 3 17:33:55 1995 > /usr/bin/wall -r-xr-sr-x 1 bin tty 2684 Feb 3 17:34:04 1995 > /usr/bin/write -r-x--s--x 1 bin mail 233472 Aug 12 07:04:51 1995 > /usr/contrib/bin/elm -r-x--s--x 1 bin mail 233472 Feb 3 15:53:59 > 1995 /usr/contrib/bin/elm.orig -rwsr-x--- 1 root wheel 24576 Feb 3 > 16:18:57 1995 /usr/contrib/bin/gdc -rwsr-xr-x 1 root bin 28672 Feb 3 > 16:18:55 1995 /usr/contrib/bin/ospf_monitor -r-sr-xr-x 1 root bin > 126976 Feb 3 16:37:11 1995 /usr/contrib/bin/screen -r-sr-xr-x 1 root > bin 258048 Aug 12 07:05:30 1995 /usr/contrib/bin/suidperl -r-sr-xr-x > 1 root bin 258048 Feb 3 16:34:59 1995 /usr/contrib/bin/suidperl.orig > -r-xr-sr-x 1 bin kmem 24576 Feb 3 16:58:01 1995 /usr/contrib/bin/top > -r-sr-x--- 1 root news 12288 Feb 3 16:29:29 1995 > /usr/contrib/lib/news/bin/ctlinnd -r-xr-sr-x 1 news news 28672 Feb 3 > 16:29:27 1995 /usr/contrib/lib/news/inews -r-xr-sr-x 1 news news > 16384 Feb 3 16:29:28 1995 /usr/contrib/lib/news/rnews -r-sr-xr-x 1 > root bin 12288 Feb 3 17:21:45 1995 /usr/libexec/bugfiler -r-sr-xr-x > 1 root bin 3100 Feb 3 17:22:02 1995 /usr/libexec/mail.local > ---s--s--x 2 uucp uucp 90112 Feb 3 17:33:15 1995 /usr/libexec/uucico > ---s--s--- 1 uucp uucp 32768 Feb 3 17:33:22 1995 > /usr/libexec/uusched ---s--s--- 1 uucp uucp 45056 Feb 3 17:33:20 > 1995 /usr/libexec/uuxqt -r-xr-s--- 1 bin operator 35604 Feb 3 > 17:22:24 1995 /usr/old/disksetup -r-xr-sr-x 1 bin kmem 3040 Feb 3 > 17:36:45 1995 /usr/sbin/iostat -r-xr-sr-x 1 bin daemon 16384 Feb 3 > 17:35:21 1995 /usr/sbin/lpc -r-xr-sr-x 1 bin kmem 49152 Feb 3 > 17:35:43 1995 /usr/sbin/netstat -r-xr-sr-x 1 bin kmem 12288 Feb 3 > 17:35:46 1995 /usr/sbin/pstat -r-sr-sr-x 3 root kmem 147456 Aug 12 > 07:05:09 1995 /usr/sbin/sendmail -r-sr-sr-x 1 root kmem 147456 Feb 7 > 15:24:01 1995 /usr/sbin/sendmail.orig -r-sr-x--- 1 root netdial 3192 > Feb 3 17:36:23 1995 /usr/sbin/sliplogin -r-sr-xr-x 1 root bin 12288 > Feb 3 17:36:30 1995 /usr/sbin/timedc -r-sr-xr-x 1 root bin 12288 Feb > 3 17:36:31 1995 /usr/sbin/traceroute -r-xr-sr-x 1 bin kmem 3716 Feb > 3 17:36:32 1995 /usr/sbin/trpt -r-xr-sr-x 1 bin kmem 4324 Feb 3 > 17:36:33 1995 /usr/sbin/trsp ---s--s--x 2 uucp uucp 90112 Feb 3 > 17:33:15 1995 /usr/sbin/uucico ---s--s--x 1 uucp uucp 20480 Feb 3 > 17:33:25 1995 /usr/sbin/uuparams -r-xr-sr-x 1 bin kmem 12288 Feb 3 > 17:36:35 1995 /usr/sbin/vmstat > > > Checking special files and directories: > dev/fd: permissions (0755, 0555) >