l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2003 Aug 11 08:24

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Things changing overnight
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Things changing overnight



On 2003.08.09 22:47, Ken Bloom wrote:
Sometime in the past few days, my modem /dev/ttyS4 changed its permissions from 660 to 640 without my intervention. My first question: is there any kind of security package on debian that might have done this as a cronjob? I don't use devfs.
I'm thinking this might now be the responsibility of /etc/init.d/
makedev, but haven't found the bug that would be causing this yet. (nothing on b.d.o describes this)

When asking on #debian, a user suggested that I check my logs to see if I had been hacked. I found in /var/logs/auth.log that the command `su` had been run to switch from user `root` to user `nobody` at 3:35 this morning, a time when I was not connected to the internet (I use ppp to connect through my modem). My second question: any idea what might have done this? (obviously, I'd like to avoid a reinstall)
I wasn't rooted. It seems that updatedb (called by /etc/init.d/find) does this as a part of its normal operation.

(I can't seem to find any cronjob that would be doing this, but it
would help if you had any suggestions)

I am running a Debian sarge/sid mixed box.

--
I usually have a GPG digital signature included as an attachment.
If you don't know what it is, either ignore it or visit www.gnupg.org
My PGP key was last signed 6/10/2003 please download my key again if
it is more recent than your copy. If you use GPG, *please* talk to
me to sign it. The key is keyID E2B2CAD1 on pgp.mit.edu

Attachment: pgp00001.pgp
Description: PGP signature



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!