
RE: [suse-security] Weekly-check: Is this normal ?



Hi!

I believe it's a simple hack to add -type f to the "find"...

Bye
     Eduard
--- Mario Neubert <mario_neubert@xxxxxx> wrote:
> Hello Gunther
> 
> yes this is normal because the security-script runs a find for files and
> uses it as input into ls(1) or whatever. What happens when you get empty
> input?  By default the ls lists the current working directory and
> therefore this output. See /usr/lib/secchk/security~ekly.sh
> line ~ 90-124.
> 
> 
> cu mario
> 
> 
> 
> 
> > -----Original Message-----
> > From: Gunther Stammwitz [mailto:gstammw@xxxxxxx] 
> > Sent: Monday, April 14, 2003 1:09 AM
> > To: suse-security@xxxxxxxx
> > Subject: [suse-security] Weekly-check: Is this normal ?
> > 
> > 
> > Hello List,
> > 
> > 
> > I've just received the weekly-check-report from one of my servers running
> > suse 8.0
> > There's a very annoying message because a file called "." has been changed.
> > 
> > Do you think this is normal or did a hacker start installing rootkits ?
> > 
> > Greetings,
> > Gunther
> > 
> > 
> > SuSE weekly security check v2.0 by Marc Heuse <marc@xxxxxxx>
> > This is an automated mail by the seccheck tool. If you want to disable
> > this service, just type "mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save".
> > 
> > DISCLAIMER
> > 
> > Please note that these security checks are neither complete nor reliable.
> > Any attacker with proper experience and root access to your system can
> > deceive *any* security check!
> > 
> > [..]
> > 
> > Please check and perhaps disable the following unused accounts:
> > 
> > The following files are suid/sgid:
> > - drwx------    7 root     root         4096 Tue Dec 31 15:28:17 2002 .
> > + drwx------    7 root     root         4096 Sat Apr 12 15:30:15 2003 .
> > 
> > The following program executables are group/world writeable:
> > - drwx------    7 root     root         4096 Tue Dec 31 15:28:17 2002 .
> > + drwx------    7 root     root         4096 Sat Apr 12 15:30:15 2003 .
> > 
> > The following devices were added:
> > - drwx------ 	root 	root 	4096 	Dec 	
> > + drwx------ 	root 	root 	4096 	Apr 	
> > 
> > 
> > -- 
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here
> > 
> 
> 
> 


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
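
The empty-input behaviour described in the thread, as an added shell example that is not part of the original messages and is not the seccheck script: when find matches nothing, an ls that receives no operands reports the current directory ".", while letting find start ls itself keeps the report empty. The function names and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; not the seccheck script. Function names are hypothetical.

# Fragile: if find prints nothing, the substitution expands to no words and
# ls -ld runs with no operands, so it reports the current directory ".".
list_fragile() {
    ls -ld $(find "$1" -type f -perm -4000 2>/dev/null)
}

# Guarded: find starts ls only when at least one file matched, so an empty
# result yields an empty report instead of a "." entry.
list_safe() {
    find "$1" -type f -perm -4000 -exec ls -ld {} + 2>/dev/null
}

# Constructed sample tree: one ordinary file, nothing setuid.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/plain"
    echo "fragile, no matches:"; list_fragile "$d"
    echo "guarded, no matches:"; list_safe "$d"
    chmod 4755 "$d/plain"        # now there is one real finding
    echo "guarded, one match:";  list_safe "$d"
    rm -rf "$d"
}
demo
```

Because the "." entry carries the directory's modification time, a report that diffs this output against the previous run shows a change whenever that directory was touched, which is the pattern in the quoted report.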