[ossec-list] Permissions and ownership of /etc/hosts.deny
- To: <ossec-list@xxxxxxxxx>
- Subject: [ossec-list] Permissions and ownership of /etc/hosts.deny
- From: "Drew Myers" <drew.myers@xxxxxxxxxxxxxxxxx>
- Date: Wed, 2 May 2007 09:36:51 -0500
Hi,
I'm new to OSSEC.
I recently received an email indicating some sort of a rootkit attempt
on one of my servers, due to improper permissions on /etc/hosts.deny.
Here's the applicable portion of the message:
> Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):
> File '/etc/hosts.deny' is owned by root and has written permissions to anyone.
When I checked, the file was owned by root:ossec, with permissions of
0666. After much investigation and comparison with other systems in my
environment, I can find no indication of anything amiss. My key
binaries all appear to be untouched (checksums, permissions, sizes all
match), so it appears the only real "change" is the ownership and
permissions of /etc/hosts.deny itself.
I would expect the permissions for this file should be 0644 and
root.root. Am I wrong?
Is this a known issue, or have I screwed up my configuration somehow? Do
I need to correct a script and submit a patch?
Thanks,
Drew
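
The condition in the quoted rootcheck message (a file owned by root and writable by anyone) can be confirmed independently of OSSEC, as in this added example, which is not part of the original post and not OSSEC's own code. The function names are hypothetical, and the owner is a parameter so the check can also be exercised on test files by a non-root user.

```shell
#!/bin/sh
# Added example (not OSSEC code): find regular files owned by a given user
# (default uid 0, root) that carry the other-write bit, e.g. mode 0666.

# world_writable_owned_by DIR [OWNER]
# Prints one matching path per line; prints nothing when none match.
world_writable_owned_by() {
    dir=$1
    owner=${2:-0}
    # -perm -0002 matches any mode with other-write set (0666, 0777, ...).
    # -xdev keeps the walk on one filesystem.
    find "$dir" -xdev -type f -user "$owner" -perm -0002 2>/dev/null
}

# describe_file PATH
# Prints "mode owner:group path" for comparison with the expected values
# (the post expects 644 and root:root for /etc/hosts.deny).
describe_file() {
    # GNU/busybox stat take -c; BSD stat takes -f.
    stat -c '%a %U:%G %n' "$1" 2>/dev/null || stat -f '%Lp %Su:%Sg %N' "$1"
}

# audit DIR [OWNER]
# Describes every match and returns 1 if any was found, 0 if the tree is clean.
audit() {
    matches=$(world_writable_owned_by "$1" "${2:-0}")
    if [ -z "$matches" ]; then
        return 0
    fi
    printf '%s\n' "$matches" | while IFS= read -r f; do
        describe_file "$f"
    done
    return 1
}

# Run as a script with a directory argument, e.g.: sh audit.sh /etc
if [ $# -gt 0 ]; then
    audit "$@"
fi
```

A non-zero exit status from `audit` means at least one file matched, which makes the function usable from cron or a configuration-management check.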
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.