[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cron error: setuid.today: No such file

On Mon, 20 Nov 1995, Gerald Jensen wrote:

> diff: /var/log/setuid.today: No such file or directory
> I believe the program that causes this is '/usr/sbin/checksecurity'.
> It tries to compare a nonexistent 'setuid.today' file with another
> file.  I assume the 'setuid.today' file is supposed to contain an
> entry for every time the 'su' command is called.  Is this correct?  If
> so, what do I need to do to add this 'su' logging as it is not on by
> default?  Also, the 'checksecurity' program should be changed in the
> distribution so that it first checks to see if the 'setuid.today' file
> exists before it tries to call 'cmp' since I am assuming that, even
> when this logging is turned on, 'setuid.today' would only exist for
> days that 'su' was called.

Just "touch /var/log/setuid.today" and the error message will go away.

The checksecurity scans your filesystem(s) for programs with the setuid
bit set - amongst other things, this is useful if you want to know when
someone has hacked your system and left behind a setuid back door into
your system.

Under normal circumstances, the setuid log will only change when a) you
make a program setuid for your own good reasons, b) when you install new
software which has an setuid program, or c) Bad People doing Naughty

The script is an automated monitor which keeps an eye on this for you.

e.g. You may have careleslly given some trusted person su or sudo access
and they've decided to abuse those priviledges by hiding a setuid root
shell somewhere on the system.  If this happens you want to know about
it ASAP.

(NOTE, this may not be the 100% accurate "official" definition,
but it seems pretty obvious from reading the shell script


  cas@muffin.pronet.com                                cas@muffin.apana.org.au
   *       Unix Consulting:  Installation, Configuration, & Support.        *
   * --- Also, contact me if you need your Dos/Win/OS2 LAN connected to --- *
   * --- the Internet.                                                  --- *

Reply to: