[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] RPM Question

Subject: [cobalt-security] RPM Question
From: Peter Frederick <pfred@xxxxxxxxx>
Date: Fri, 02 May 2003 09:48:56 -0500
Organization: Indiana Packers Corporation
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Platform: Qube3 Business - all current patches except experimental Samba
patch

After following some security discussions I added some rpm verify commands
to a script I run nightly that does some security checks (runs
chkrootkit0.40, files without owners, files with setuid.

I get the following appearing:

rpm -V net-tools
.M......   /usr/share/locale/de/LC_MESSAGES/net-tools.mo
.M......   /usr/share/locale/fr/LC_MESSAGES/net-tools.mo

This is telling me there is a problem with Mode (includes permissions and
file type) of these two files (I think)


I looked at the RPM manual page and found that a 

rpm -q -l --dump net-tools

will output a detailed listing of files that make up the package and what
it knows about each of the files:

path size mtime md5sum MODE owner group isconfig  isdoc  rdev  sym-link.

/usr/share/locale/de/LC_MESSAGES/net-tools.mo 46631
95998937686895ed1e681e1899aeb225d45ba7735 0100644 root root 0 0 0 X
                                          -------
/usr/share/locale/fr/LC_MESSAGES/net-tools.mo 40920
959989376d4fa9ed7191ad0a00cf2556950414922 0100644 root root 0 0 0 X
                                          -------


Directory listing of the above 2 suspect files:

cd /usr/share/locale/de/LC_MESSAGES; ls -l net-tools.mo
-rwxr-xr-x    1 root     root        46631 Jun  2  2000 net-tools.mo

cd /usr/share/locale/fr/LC_MESSAGES/; ls -l net-tools.mo
-rwxr-xr-x    1 root     root        40920 Jun  2  2000 net-tools.mo


Should I just do a chmod 644 on these two files or should I change the
package contents somehow? I haven't tampered with these files - this is how
they came in as far as I can see. 

chmod 644 net-ttols.mo will make the 'rpm -V' happy.....

Just trying to understand a bit more about it all.

Thanks in advance
Peter

-- 
Peter Frederick
MIS Director, Indiana Packers Corp, Delphi IN
Phone: (765) 564-9705   Fax: (765) 564-3684
Work: pfred@xxxxxxxxx   (Qube3 Professional running 6.4)
============================================================================
'Tis better to light one candle than to curse the darkness a thousand times!

Follow-Ups:
- Re: [cobalt-security] RPM Question
  - From: Michael Stauber
- RE: [cobalt-security] RPM Question
  - From: Gavin Nelmes-Crocker

Prev by Date: [cobalt-security] Raq550 and glibc update
Next by Date: Re: [cobalt-security] Raq550 and glibc update
Previous by thread: Re: [cobalt-security] RaQ4-All-Security-2.0.1-16343.pkg update broke GUI on RaQ4
Next by thread: Re: [cobalt-security] RPM Question

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index