Date: Tue, 12 Jan 2016 19:06:06 -0500 From: "David W. Hodgins" <davidwhodgins@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Discuss: Daily/weekly cron jobs best practices On Mon, 11 Jan 2016 05:25:11 -0500, Tim Brown <tmb@...35.com> wrote: > Not uncommon, we pop almost every UNIX box we touch this way, I assume you've > seen unix-privesc-check? Tried it. Too much output to be of any use. With complaints like I: [group_writable] /home/dave/home/dave/.gnupg/pubring.gpg is owned by user dave (group dave) and is group-writable (-rwxrwx---) W: [setgid] /usr/lib64/kde4/libexec/kdesud is setgid (root, nogroup): -rwxr-sr-x W: [setuid] /usr/bin/su is setuid (root, root): -rwsr-xr-x With 152149 lines going to stdout on my system, a quick skim of the output doesn't show anything useful. I don't see anything in the output that it's complaining about, that isn't as it should be. Regards, Dave Hodgins
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.