setuid and setgid security issues - is system compromised?

Andrew virgule88 at videotron.ca
Mon Jan 31 13:21:07 MST 2005


On Sun, 30 Jan 2005 20:41:05 -0600
Felix Jodoin <felixj at shaw.ca> wrote:

> Sorry, my bad.
??????????????
 
> Andrew:
> Also check that no new users are appearing in the password file. If you think the system has been compromised, changing the passwords is the first thing you should probably do.

Done.

There are two /etc/passwd files in here. The other is named '/etc/passwd-' and has this extra line:

cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash

I compared them with 'comm' since 'cmp' is nowhere to be seen (is this normal?)

]$ su -c 'comm -3 /etc/passwd /etc/passwd-'
user1:x:500:500::/home/user1:/bin/bash
user2:x:501:501::/home/user2:/bin/bash
	cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash
	user1:x:500:500::/home/user1:/bin/bash
	user2:x:501:501::/home/user2:/bin/bash

Cyrus IMAP server? Is that a mail server? 
These packages are installed, I guess I should remove them.

]$ rpm -qa | grep yrus
perl-Cyrus-2.2.3-11
cyrus-sasl-2.1.18-2
cyrus-sasl-md5-2.1.18-2
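
A field-aware version of the /etc/passwd versus /etc/passwd- comparison discussed in this message, added here as an example and not part of the original post. comm expects sorted input and compares whole lines, so this keys on the account name instead; the function names and the sample entries (including the "toor" account) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# passwd_delta CURRENT BACKUP  prints one finding per line, sorted:
#   added:NAME    account present only in CURRENT
#   removed:NAME  account present only in BACKUP
#   changed:NAME  same name, but some field (UID, GID, home, shell...) differs
#   uid0:NAME     account other than root that has UID 0 in CURRENT
# On a real system (as root): passwd_delta /etc/passwd /etc/passwd-
passwd_delta() {
    awk -F: '
        { sub(/[ \t\r]+$/, "") }              # ignore trailing whitespace
        /^[ \t]*$/ || /^[ \t]*#/ { next }     # skip blank and comment lines
        FILENAME == ARGV[1] {                 # first file: current accounts
            cur[$1] = $0
            if ($3 == 0 && $1 != "root") uid0[$1] = 1
            next
        }
        { old[$1] = $0 }                      # second file: backup accounts
        END {
            for (n in cur) {
                if (!(n in old)) print "added:" n
                else if (cur[n] != old[n]) print "changed:" n
            }
            for (n in old) if (!(n in cur)) print "removed:" n
            for (n in uid0) print "uid0:" n
        }
    ' "$1" "$2" | sort
}

# Constructed sample files: different line order, a trailing space on user1,
# a cyrus entry only in the backup, and a made-up UID 0 account in the current file.
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'user2:x:501:501::/home/user2:/bin/bash' \
        'user1:x:500:500::/home/user1:/bin/bash ' \
        'toor:x:0:0::/root:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash' \
        'user1:x:500:500::/home/user1:/bin/bash' \
        'user2:x:501:501::/home/user2:/bin/bash' > "$1/passwd-"
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    passwd_delta "$d/passwd" "$d/passwd-"
    rm -rf "$d"
}
demo
```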


