[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] /tmp/-v ?
- Subject: Re: [cobalt-security] /tmp/-v ?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sun, 27 May 2001 00:41:33 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 27 May 2001, Carrie Bartkowiak wrote:
> Hey guys,
> I found this tonight in my second server's /tmp folder:
> -rw-r--r-- 1 root root 11950080 May 20 10:39 -v
>
> It's big and when I try to read it with pico /tmp/-v I find out it's a
> copy of *old* server logfiles, html pages, and binaries (I assume
> images) for one particular site - going all the way back to October
> 2000, which encompasses me using 3 different RaQs (and moving this
> site from one to the next to the next)!!
> I don't get it... I didn't put this here. I have *no* idea how it got
> there.
>
> Ya think I can safely delete it? Any idea how it got there?
>
> CarrieB
>
well, it's not a system file so in my opinion it can be erased.
what I do wonder about is the owner of the file, that is, root.
it isn't a customer cgi script. unless your httpd runs as root (i hope
not!!!!), so it's either something the GUI did, or you did. or someone who
has root did :\
as in general. there are no system files at /tmp, simply because it's a
place to store *temporary* files. i know that windows put files in his
temp and never deletes them, but that's windows, it doesn't follow
standards :) so in my opinion, as how I can see my /tmp there's no
problem with erasing anything there (well, besides the mysql socket
file...)
that's my /tmp if you wanna look (raq3):
[shimi@www /tmp]$ ls -l
total 17
-rw-r--r-- 1 root root 3230 Mar 1 04:58
backup.1200.filelist
-rw------- 1 shimi users 0 Mar 15 13:43 crontab.23125
-rw-rw---- 1 mail root 0 Mar 14 06:44 majordomo.debug
srwxrwxrwx 1 mysql root 0 May 26 18:03 mysql.sock
-rw-rw-r-- 1 admin root 0 Mar 8 18:10 mysqlaccess.log
-rw-rw---- 1 mail root 0 Mar 14 07:32 resend.debug
-rw-rw-r-- 1 root root 789 May 24 17:19 sitelist.2001-05-24
-rw-rw-r-- 1 root root 642 May 25 04:06 sitelist.2001-05-25
-rw-rw-r-- 1 root root 932 May 26 04:04 sitelist.2001-05-26
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.domain
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.files
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.hits
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.kb
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.pages
-rw-rw-r-- 1 root root 595 May 26 04:09 siteview.visits
drwxr-xr-x 2 root root 1024 May 26 04:04 vhosts
-rw-rw-r-- 1 root root 2088 May 20 09:13 webmin-setup.out
- have fun.
HTH,
- shimi.