Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Jan 2016 19:06:06 -0500
From: "David W. Hodgins" <davidwhodgins@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Discuss: Daily/weekly cron jobs best practices

On Mon, 11 Jan 2016 05:25:11 -0500, Tim Brown <tmb@...35.com> wrote:

> Not uncommon, we pop almost every UNIX box we touch this way, I assume you've
> seen unix-privesc-check?

Tried it. Too much output to be of any use. With complaints like
I: [group_writable] /home/dave/home/dave/.gnupg/pubring.gpg is owned
  by user dave (group dave) and is group-writable (-rwxrwx---)
W: [setgid] /usr/lib64/kde4/libexec/kdesud is setgid (root, nogroup):
  -rwxr-sr-x
W: [setuid] /usr/bin/su is setuid (root, root): -rwsr-xr-x

With 152149 lines going to stdout on my system, a quick skim of the
output doesn't show anything useful. I don't see anything in the
output that it's complaining about, that isn't as it should be.

Regards, Dave Hodgins

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ