The Community Forums

Interact with an entire community of cPanel & WHM users!

Weird setuid diffs on server

Discussion in 'General Discussion' started by nyjimbo, Nov 21, 2005.

  1. nyjimbo

    My normal morning system security message sent this along today from one of my systems:
    Checking setuid files and devices: setuid diffs:
    > 421082 -rwsr-xr-x 1 root wheel 13604 Oct 9 08:46:42 2002

    Checking for uids of 0:
    root 0
    toor 0

    It's an older FreeBSD box. The date and time match all other files in that directory except stuff I updated over the past couple years.

    So it seems like the file was recently setuid; however, the date and size are the same. What's weird is I don't recall doing anything to it. I checked a new cPanel-based box I am playing with and it has the same -rwsr-xr-x settings. Other non-cPanel boxes just show r-sr-x-r-x.

    I don't see anything in /tmp, /dev/, /etc/, /var/tmp, nothing weird in the logs or anything running.

    Any reason why that message would have come up now? I disabled traceroute in cPanel after seeing this and it's now -rwx--------- just in case.
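Added example, not part of the original post and not the system's own script: a setuid report of this kind compares the current listing of setuid files with the previous one, so a mode change alone produces a new `>` line even though the size and modification date are untouched. The file name, directory and helper names below are constructed for illustration; the size and date are copied from the report above.

```python
import os, stat, tempfile, time

def snapshot(root):
    """Map path -> (inode, mode string, size, mtime) for setuid/setgid files under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found[path] = (st.st_ino, stat.filemode(st.st_mode),
                               st.st_size, int(st.st_mtime))
    return found

def diff(old, new):
    """Return '<' (only in old) and '>' (only in new) lines, like a listing diff."""
    lines = []
    for path in sorted(set(old) | set(new)):
        if old.get(path) == new.get(path):
            continue
        if path in old:
            lines.append(("<", path) + old[path])
        if path in new:
            lines.append((">", path) + new[path])
    return lines

def demo():
    """Constructed scenario: an old binary gains the setuid bit via chmod only."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "sample-tool")       # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"\0" * 13604)                     # size from the report
        os.chmod(path, 0o555)                          # not setuid yet
        old = time.mktime((2002, 10, 9, 8, 46, 42, 0, 0, -1))
        os.utime(path, (old, old))                     # date from the report
        before = snapshot(root)                        # yesterday's listing
        os.chmod(path, 0o4755)                         # mode change, no content change
        after = snapshot(root)                         # today's listing
        st = os.lstat(path)
        # chmod leaves mtime alone; only the inode change time (ctime) moves.
        return diff(before, after), int(st.st_mtime) == int(old), st.st_ctime > old

if __name__ == "__main__":
    report, mtime_unchanged, ctime_newer = demo()
    for line in report:
        print(*line)
    print("mtime unchanged:", mtime_unchanged, "| ctime newer:", ctime_newer)
```

The inode change time (`ls -lc`) is therefore the field that shows when the mode was altered; the date printed in the report is the modification time and does not move on a chmod.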
