Weird setuid diffs on server

Discussion in 'General Discussion' started by nyjimbo, Nov 21, 2005.

  1. nyjimbo

    My normal morning system security message sent this along today from one of my systems:
    Checking setuid files and devices: setuid diffs:
    > 421082 -rwsr-xr-x 1 root wheel 13604 Oct 9 08:46:42 2002

    Checking for uids of 0:
    root 0
    toor 0

    It's an older FreeBSD box. The date and time match all other files in that directory except stuff I updated over the past couple of years.

    So it seems like the file was recently setuid; however, the date and size are the same. What's weird is I don't recall doing anything to it. I checked a new cPanel-based box I am playing with and it has the same -rwsr-xr-x settings. Other non-cPanel boxes just show r-sr-x-r-x.

    I don't see anything in /tmp, /dev/, /etc/, /var/tmp, nothing weird in the logs or anything running.

    Any reason why that message would have come up now? I disabled traceroute in cPanel after seeing this and it's now -rwx--------- just in case.
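
What a snapshot-and-diff check of the kind quoted in the post reacts to, as an added example that is not part of the original post and not the FreeBSD periodic script itself: a mode change alone puts a file into the report while its size and modification time stay the same. The function names, the `demo-tool` file and the `setuid.yesterday`/`setuid.today` files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not the FreeBSD periodic script. Names and paths are constructed.
LC_ALL=C; export LC_ALL

# snapshot DIR: one "ls -ldin" line per setuid/setgid regular file, sorted by path
snapshot() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ldin {} + 2>/dev/null | sort -k 10
}

# report OLD NEW: classify each path in the diff as added, removed or changed
report() {
    { diff "$1" "$2" || true; } | awk '
        /^</ { was[$NF] = 1 }
        /^>/ { now[$NF] = 1 }
        END {
            for (p in now) { s = (p in was) ? "changed" : "added"; print s, p }
            for (p in was) if (!(p in now)) print "removed", p
        }' | sort
}

# size_mtime FILE: the size and date columns a person would compare by eye
size_mtime() { ls -ldn "$1" | awk '{ print $5, $6, $7, $8 }'; }

# demo: a chmod alone puts the file into the report, while size and mtime
# stay as they were (chmod updates ctime, not mtime).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample file\n' > "$d/demo-tool"
    touch -t 200210090846.42 "$d/demo-tool"   # constructed old mtime
    chmod 0555 "$d/demo-tool"
    snapshot "$d" > "$d/setuid.yesterday"
    before=$(size_mtime "$d/demo-tool")
    chmod 4755 "$d/demo-tool"                 # only the mode changes
    snapshot "$d" > "$d/setuid.today"
    after=$(size_mtime "$d/demo-tool")
    result=$(report "$d/setuid.yesterday" "$d/setuid.today")
    if [ "$before" = "$after" ]; then same=yes; else same=no; fi
    rm -rf "$d"
    echo "$result size_and_mtime_unchanged=$same"
}

demo
```

An "added" entry with unchanged size and mtime points at a permission change or a missing baseline entry rather than a replaced file; comparing the file's ctime and checksum against a known-good copy is the follow-up check.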