Weird setuid diffs on server

Discussion in 'General Discussion' started by nyjimbo, Nov 21, 2005.

  1. nyjimbo

    My normal morning system security message sent this along today from one of my systems:
    ----------
    Checking setuid files and devices:
    xxxxxxx.com setuid diffs:
    95a96
    > 421082 -rwsr-xr-x 1 root wheel 13604 Oct 9 08:46:42 2002 /usr/sbin/traceroute

    Checking for uids of 0:
    root 0
    toor 0

    -----------
    It's an older FreeBSD box. The date and time match all other files in that directory except stuff I updated over the past couple years.

    So it seems like the file was recently setuid; however, the date and size are the same. What's weird is I don't recall doing anything to it. I checked a new cPanel-based box I am playing with and it has the same -rwsr-xr-x settings. Other non-cPanel boxes just show r-sr-x-r-x.

    I don't see anything in /tmp, /dev/, /etc/, /var/tmp, nothing weird on logs or anything running.

    Any reason why that message would have come up now? I disabled traceroute in cPanel after seeing this and it's now -rwx--------- just in case.
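
An added example, not part of the original post and not FreeBSD's own periodic script: a Python sketch of a setuid listing diff like the one quoted above. It shows that a chmod alone makes a file appear in the diff while its size and modification date stay the same, and that only the inode change time (ctime) moves. The stand-in file name, size and timestamp are constructed.

```python
import calendar, difflib, os, stat, tempfile, time

def snapshot(root):
    """List every setuid/setgid regular file under root, one line per file."""
    lines = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                mtime = time.strftime("%b %d %H:%M:%S %Y", time.gmtime(st.st_mtime))
                rel = os.path.relpath(path, root)
                lines.append(f"{stat.filemode(st.st_mode)} {st.st_size} {mtime} {rel}")
    return sorted(lines)

def setuid_diff(old, new):
    """Return only the added/removed lines between two snapshots."""
    return [l for l in difflib.ndiff(old, new) if l[0] in "+-"]

def demo():
    """Build a constructed stand-in file, set its setuid bit, diff the snapshots."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "traceroute")      # constructed stand-in
        with open(path, "wb") as f:
            f.write(b"\0" * 13604)                   # constructed size
        os.chmod(path, 0o555)                        # no setuid bit yet
        old = calendar.timegm((2002, 10, 9, 8, 46, 42))  # constructed mtime (UTC)
        os.utime(path, (old, old))
        before = snapshot(root)                      # file is not listed
        os.chmod(path, 0o4755)                       # mode change only
        after = snapshot(root)                       # file is now listed
        st = os.stat(path)
        return setuid_diff(before, after), int(st.st_mtime), int(st.st_ctime)

if __name__ == "__main__":
    diff, mtime, ctime = demo()
    print("\n".join(diff))
    print("mtime:", time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(mtime)))
    print("ctime:", time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(ctime)))
```

On a real system, `ls -lc` on the file shows the ctime, which dates the most recent mode or ownership change.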
     