On 2/28/07, Ben Collins <[EMAIL PROTECTED]> wrote:
On Wed, 2007-02-28 at 11:09 -0500, Ari Johnson wrote:
> On 2/28/07, Ben Collins <[EMAIL PROTECTED]> wrote:
> > On Wed, 2007-02-28 at 09:40 -0500, Ari Johnson wrote:
> > > Package: sxid
> > > Version: 4.0.5
> > > Severity: normal
> > >
> > > The sxid program e-mails a list of files every day that it claims have
> > > changed md5sums. The list appears to include every suid or sgid file on
> > > my system, suggesting that the md5sum comparison performed by sxid
> > > simply does not work. I chose a sample from the list (/bin/su) and
> > > manually collected the output of md5sum and stat on it both before and
> > > after an sxid run. The output of both was identical, other than the
> > > last-accessed date from stat.
> >
> > A sample of the email would be helpful.
>
> Pasted in full (hostname redacted) below:
> Checking for changed attributes or sums/inodes:
> m /usr/lib/cgi-bin/mailman/private root:list 2755
> m /usr/lib/cgi-bin/mailman/options root:list 2755
> m /usr/lib/cgi-bin/mailman/roster root:list 2755
> m /usr/lib/cgi-bin/mailman/rmlist root:list 2755
Thanks, can you send your /etc/sxid.conf as well?
--
Ubuntu: http://www.ubuntu.com/
Linux1394: http://www.linux1394.org/
In full, minus comments and blank lines:
SEARCH = "/"
EXCLUDE = "/proc /mnt /cdrom /floppy"
EMAIL = "root"
ALWAYS_NOTIFY = "no"
LOG_FILE = "/var/log/sxid.log"
KEEP_LOGS = "5"
ALWAYS_ROTATE = "no"
FORBIDDEN = "/home /tmp"
ENFORCE = "no"
LISTALL = "no"
IGNORE_DIRS = "/home /var/mail"
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
