Both of these are dangerous. You should fix these now:
# chmod 600 /etc/shadow*
If you can't do it, you should find someone who can.
NOW.
And change all the passwords on the system. This is a
major/hole/security breach.
Jeff
Barbara wrote:
>
> ->I don't know about the default entries but mine
> ->are the same
> ->-r-------- 1 root root 6675 Jan 30 11:56 shadow
> ->-r-------- 1 root root 6614 Jan 23 10:13 shadow-
>
> I have two RaQ3's that were restored in Feb 01 after
> the BIND exploits, and both show permissions of
>
> -rw-r--r-- 1 root root 3230 Feb 4 22:39 shadow
> -rw-r--r-- 1 root root 3274 Feb 4 22:38 shadow-
>
> while I just leased another RaQ3 (fresh install) and
> it's showing permissions of
>
> -rw-r--r-- 1 root root 1931 Jan 25 17:48 shadow
> -r-------- 1 root root 1931 Jan 12 00:52 shadow-
>
> Wonder if the first systems were rebuilt off an
> original (older) restore disk, and the last machine
> was loaded with a more recent version?
>
> __________________________________________________
> Do You Yahoo!?
> Send FREE Valentine eCards with Yahoo! Greetings!
> http://greetings.yahoo.com
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security