warden.int.autonlab.org daily security run output

punosevac72 at gmail.com
Sat Aug 22 03:20:38 EDT 2015


Checking setuid files and devices:

warden.int.autonlab.org setuid diffs:
--- /var/log/setuid.today	2015-07-25 03:01:38.000000000 -0400
+++ /tmp/security.QLB1PI8F	2015-08-22 03:01:45.296305264 -0400
@@ -1,71 +1,71 @@
-   65 -r-sr-xr-x  1 root  wheel      19440 May 14 12:51:21 2015 /bin/rcp
-12380 -r-sr-xr--  1 root  operator    9520 May 14 12:51:47 2015 /sbin/mksnap_ffs
-12436 -r-sr-xr-x  1 root  wheel      27616 May 14 12:51:49 2015 /sbin/ping
-12386 -r-sr-xr-x  1 root  wheel      36520 May 14 12:51:49 2015 /sbin/ping6
-12379 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /sbin/poweroff
-12379 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /sbin/shutdown
-11822 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/bin/at
-11822 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/bin/atq
-11822 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/bin/atrm
-11822 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/bin/batch
-11777 -r-xr-sr-x  1 root  kmem       12712 May 14 12:52:17 2015 /usr/bin/btsockstat
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/chfn
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/chpass
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/chsh
-11843 -r-sr-xr-x  1 root  wheel      32296 May 14 12:52:42 2015 /usr/bin/crontab
-11720 -r-sr-xr-x  1 root  wheel      11032 May 14 12:52:24 2015 /usr/bin/lock
-11904 -r-sr-xr-x  1 root  wheel      25256 May 14 12:52:24 2015 /usr/bin/login
-11914 -r-sr-sr-x  1 root  daemon     32232 May 14 12:52:46 2015 /usr/bin/lpq
-11827 -r-sr-sr-x  1 root  daemon     37736 May 14 12:52:46 2015 /usr/bin/lpr
-11902 -r-sr-sr-x  1 root  daemon     31960 May 14 12:52:46 2015 /usr/bin/lprm
-11804 -r-xr-sr-x  1 root  kmem      144312 May 14 12:52:26 2015 /usr/bin/netstat
-11868 -r-sr-xr-x  1 root  wheel       6776 May 14 12:52:27 2015 /usr/bin/opieinfo
-11819 -r-sr-xr-x  1 root  wheel      13400 May 14 12:52:27 2015 /usr/bin/opiepasswd
-11840 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/bin/passwd
-11647 -r-sr-xr-x  1 root  wheel      15240 May 14 12:52:27 2015 /usr/bin/quota
-11662 -r-sr-xr-x  1 root  wheel      15192 May 14 12:52:27 2015 /usr/bin/rlogin
-11707 -r-sr-xr-x  1 root  wheel      11168 May 14 12:52:28 2015 /usr/bin/rsh
-11892 -r-sr-xr-x  1 root  wheel      17200 May 14 12:52:28 2015 /usr/bin/su
-11728 -r-xr-sr-x  1 root  tty        15600 May 14 12:52:33 2015 /usr/bin/wall
-11946 -r-xr-sr-x  1 root  tty        11608 May 14 12:52:33 2015 /usr/bin/write
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/ypchfn
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/ypchpass
-11744 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/bin/ypchsh
-11840 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/bin/yppasswd
+ 25356 -r-sr-xr-x  1 root  wheel      19440 Aug 21 13:57:06 2015 /bin/rcp
+ 25924 -r-sr-xr--  1 root  operator    9520 Aug 21 13:57:09 2015 /sbin/mksnap_ffs
+ 25992 -r-sr-xr-x  1 root  wheel      27616 Aug 21 13:57:09 2015 /sbin/ping
+ 25996 -r-sr-xr-x  1 root  wheel      40184 Aug 21 13:57:09 2015 /sbin/ping6
+ 26000 -r-sr-xr--  2 root  operator   15240 Aug 21 13:57:09 2015 /sbin/poweroff
+ 26000 -r-sr-xr--  2 root  operator   15240 Aug 21 13:57:09 2015 /sbin/shutdown
+ 26112 -r-sr-xr-x  4 root  wheel      27880 Aug 21 13:57:10 2015 /usr/bin/at
+ 26112 -r-sr-xr-x  4 root  wheel      27880 Aug 21 13:57:10 2015 /usr/bin/atq
+ 26112 -r-sr-xr-x  4 root  wheel      27880 Aug 21 13:57:10 2015 /usr/bin/atrm
+ 26112 -r-sr-xr-x  4 root  wheel      27880 Aug 21 13:57:10 2015 /usr/bin/batch
+ 26180 -r-xr-sr-x  1 root  kmem       12712 Aug 21 13:57:10 2015 /usr/bin/btsockstat
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/chfn
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/chpass
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/chsh
+ 26300 -r-sr-xr-x  1 root  wheel      32296 Aug 21 13:57:10 2015 /usr/bin/crontab
+ 26621 -r-sr-xr-x  1 root  wheel      11032 Aug 21 13:57:12 2015 /usr/bin/lock
+ 26627 -r-sr-xr-x  1 root  wheel      25256 Aug 21 13:57:12 2015 /usr/bin/login
+ 26637 -r-sr-sr-x  1 root  daemon     32232 Aug 21 13:57:12 2015 /usr/bin/lpq
+ 26639 -r-sr-sr-x  1 root  daemon     37736 Aug 21 13:57:12 2015 /usr/bin/lpr
+ 26641 -r-sr-sr-x  1 root  daemon     31960 Aug 21 13:57:12 2015 /usr/bin/lprm
+ 26695 -r-xr-sr-x  1 root  kmem      144440 Aug 21 13:57:13 2015 /usr/bin/netstat
+ 26719 -r-sr-xr-x  1 root  wheel       6776 Aug 21 13:57:13 2015 /usr/bin/opieinfo
+ 26723 -r-sr-xr-x  1 root  wheel      13400 Aug 21 13:57:13 2015 /usr/bin/opiepasswd
+ 26725 -r-sr-xr-x  2 root  wheel       7928 Aug 21 13:57:13 2015 /usr/bin/passwd
+ 26757 -r-sr-xr-x  1 root  wheel      15248 Aug 21 13:57:14 2015 /usr/bin/quota
+ 26787 -r-sr-xr-x  1 root  wheel      15192 Aug 21 13:57:14 2015 /usr/bin/rlogin
+ 26795 -r-sr-xr-x  1 root  wheel      11168 Aug 21 13:57:14 2015 /usr/bin/rsh
+ 26859 -r-sr-xr-x  1 root  wheel      17200 Aug 21 13:57:14 2015 /usr/bin/su
+ 26961 -r-xr-sr-x  1 root  tty        15600 Aug 21 13:57:16 2015 /usr/bin/wall
+ 26975 -r-xr-sr-x  1 root  tty        11608 Aug 21 13:57:16 2015 /usr/bin/write
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/ypchfn
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/ypchpass
+ 26232 -r-sr-xr-x  6 root  wheel      21768 Aug 21 13:57:10 2015 /usr/bin/ypchsh
+ 26725 -r-sr-xr-x  2 root  wheel       7928 Aug 21 13:57:13 2015 /usr/bin/yppasswd
    55 -r-sr-xr-x  1 root  wheel      19440 May 14 12:51:21 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/bin/rcp
-12372 -r-sr-xr--  1 root  operator    9520 May 14 12:51:47 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/mksnap_ffs
-12428 -r-sr-xr-x  1 root  wheel      27616 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/ping
-12378 -r-sr-xr-x  1 root  wheel      36520 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/ping6
-12371 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/poweroff
-12371 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/shutdown
-11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/at
-11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/atq
-11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/atrm
-11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/batch
-11769 -r-xr-sr-x  1 root  kmem       12712 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/btsockstat
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chfn
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chpass
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chsh
-11835 -r-sr-xr-x  1 root  wheel      32296 May 14 12:52:42 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/crontab
-11712 -r-sr-xr-x  1 root  wheel      11032 May 14 12:52:24 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lock
-11896 -r-sr-xr-x  1 root  wheel      25256 May 14 12:52:24 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/login
-11906 -r-sr-sr-x  1 root  daemon     32232 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lpq
-11819 -r-sr-sr-x  1 root  daemon     37736 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lpr
-11894 -r-sr-sr-x  1 root  daemon     31960 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lprm
-11796 -r-xr-sr-x  1 root  kmem      144312 May 14 12:52:26 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/netstat
-11860 -r-sr-xr-x  1 root  wheel       6776 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/opieinfo
-11811 -r-sr-xr-x  1 root  wheel      13400 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/opiepasswd
-11832 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/passwd
-11639 -r-sr-xr-x  1 root  wheel      15240 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/quota
-11654 -r-sr-xr-x  1 root  wheel      15192 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/rlogin
-11699 -r-sr-xr-x  1 root  wheel      11168 May 14 12:52:28 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/rsh
-11884 -r-sr-xr-x  1 root  wheel      17200 May 14 12:52:28 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/su
-11720 -r-xr-sr-x  1 root  tty        15600 May 14 12:52:33 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/wall
-11938 -r-xr-sr-x  1 root  tty        11608 May 14 12:52:33 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/write
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchfn
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchpass
-11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchsh
-11832 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/yppasswd
+ 12372 -r-sr-xr--  1 root  operator    9520 May 14 12:51:47 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/mksnap_ffs
+ 12428 -r-sr-xr-x  1 root  wheel      27616 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/ping
+ 12378 -r-sr-xr-x  1 root  wheel      36520 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/ping6
+ 12371 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/poweroff
+ 12371 -r-sr-xr--  2 root  operator   15240 May 14 12:51:49 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/sbin/shutdown
+ 11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/at
+ 11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/atq
+ 11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/atrm
+ 11814 -r-sr-xr-x  4 root  wheel      27880 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/batch
+ 11769 -r-xr-sr-x  1 root  kmem       12712 May 14 12:52:17 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/btsockstat
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chfn
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chpass
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/chsh
+ 11835 -r-sr-xr-x  1 root  wheel      32296 May 14 12:52:42 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/crontab
+ 11712 -r-sr-xr-x  1 root  wheel      11032 May 14 12:52:24 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lock
+ 11896 -r-sr-xr-x  1 root  wheel      25256 May 14 12:52:24 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/login
+ 11906 -r-sr-sr-x  1 root  daemon     32232 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lpq
+ 11819 -r-sr-sr-x  1 root  daemon     37736 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lpr
+ 11894 -r-sr-sr-x  1 root  daemon     31960 May 14 12:52:46 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/lprm
+ 11796 -r-xr-sr-x  1 root  kmem      144312 May 14 12:52:26 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/netstat
+ 11860 -r-sr-xr-x  1 root  wheel       6776 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/opieinfo
+ 11811 -r-sr-xr-x  1 root  wheel      13400 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/opiepasswd
+ 11832 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/passwd
+ 11639 -r-sr-xr-x  1 root  wheel      15240 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/quota
+ 11654 -r-sr-xr-x  1 root  wheel      15192 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/rlogin
+ 11699 -r-sr-xr-x  1 root  wheel      11168 May 14 12:52:28 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/rsh
+ 11884 -r-sr-xr-x  1 root  wheel      17200 May 14 12:52:28 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/su
+ 11720 -r-xr-sr-x  1 root  tty        15600 May 14 12:52:33 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/wall
+ 11938 -r-xr-sr-x  1 root  tty        11608 May 14 12:52:33 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/write
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchfn
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchpass
+ 11736 -r-sr-xr-x  6 root  wheel      21768 May 14 12:52:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/ypchsh
+ 11832 -r-sr-xr-x  2 root  wheel       7928 May 14 12:52:27 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/bin/yppasswd
   187 -r-xr-sr-x  1 root  smmsp     696232 May 14 12:52:51 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/libexec/sendmail/sendmail
   101 -r-sr-xr-x  1 root  wheel      38568 May 14 12:51:54 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/libexec/ssh-keysign
   107 -r-sr-xr-x  1 root  wheel       5592 May 14 12:51:19 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/libexec/ulog-helper
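
Review bot: the jail-template pairs under /usr/jails/.warden-template-10.1-RELEASE-amd64 (sbin/mksnap_ffs through usr/bin/yppasswd) are removed and re-added with the same inode, mode, size and timestamp. The only difference is a leading space before the inode number, so these are formatting noise rather than file changes. Normalising the inode column width before diffing would keep them out of the report. The host entries from /bin/rcp to /usr/bin/yppasswd are a real change: every one has a new inode and an Aug 21 13:57 timestamp with unchanged mode and owner, and only /sbin/ping6, /usr/bin/netstat and /usr/bin/quota differ in size. Matching size and mode do not establish matching content, so the rewritten set should be checked against known-good checksums for the new release.
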
@@ -77,23 +77,23 @@
   487 -r-sr-xr-x  1 root  wheel      28032 May 14 12:52:52 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/sbin/traceroute
   576 -r-sr-xr-x  1 root  wheel      23592 May 14 12:52:52 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/sbin/traceroute6
   558 -r-xr-sr-x  1 root  kmem       11144 May 14 12:52:52 2015 /usr/jails/.warden-template-10.1-RELEASE-amd64/usr/sbin/trpt
-79772 -r-xr-sr-x  1 root  smmsp     692136 Jul 25 00:27:28 2015 /usr/libexec/sendmail/sendmail
-  109 -r-sr-xr-x  1 root  wheel      38568 May 14 12:51:54 2015 /usr/libexec/ssh-keysign
-  115 -r-sr-xr-x  1 root  wheel       5592 May 14 12:51:19 2015 /usr/libexec/ulog-helper
-70138 -rwsr-xr-x  1 root  wheel      11464 May  4 14:52:42 2015 /usr/local/bin/otp
-32068 -rwsr-xr-x  1 root  wheel     401136 May  5 04:31:14 2015 /usr/local/bin/screen
-70145 -rwsr-xr-x  1 root  wheel      15880 May  4 14:52:43 2015 /usr/local/bin/su
-32139 -rwsr-xr-x  1 root  wheel     103736 May  4 18:20:22 2015 /usr/local/bin/sudo
-72693 -r-xr-sr-x  1 root  mail       61240 May  5 08:09:23 2015 /usr/local/libexec/dma
-72694 -r-sr-xr-x  1 root  mail        7224 May  5 08:09:23 2015 /usr/local/libexec/dma-mbox-create
-25031 -rwsr-x--x  1 root  wheel       7304 May  4 14:44:01 2015 /usr/local/sbin/jailme
-74112 -rwxr-sr-x  1 root  kmem      127656 May  4 19:32:43 2015 /usr/local/sbin/lsof
-74027 -r-sr-xr-x  1 root  wheel      32152 May  5 10:07:04 2015 /usr/local/sbin/traceroute
-  550 -r-sr-sr-x  2 root  authpf     23744 May 14 12:52:37 2015 /usr/sbin/authpf
-  550 -r-sr-sr-x  2 root  authpf     23744 May 14 12:52:37 2015 /usr/sbin/authpf-noip
-  482 -r-xr-sr-x  1 root  daemon     54656 May 14 12:52:45 2015 /usr/sbin/lpc
-79866 -r-sr-xr--  1 root  network   415648 Jul 25 00:27:28 2015 /usr/sbin/ppp
-  549 -r-sr-xr-x  1 root  wheel      20560 May 14 12:52:52 2015 /usr/sbin/timedc
-  495 -r-sr-xr-x  1 root  wheel      28032 May 14 12:52:52 2015 /usr/sbin/traceroute
-  584 -r-sr-xr-x  1 root  wheel      23592 May 14 12:52:52 2015 /usr/sbin/traceroute6
-  566 -r-xr-sr-x  1 root  kmem       11144 May 14 12:52:52 2015 /usr/sbin/trpt
+ 29268 -r-xr-sr-x  1 root  smmsp     700600 Aug 21 13:57:36 2015 /usr/libexec/sendmail/sendmail
+ 29274 -r-sr-xr-x  1 root  wheel      38568 Aug 21 13:57:36 2015 /usr/libexec/ssh-keysign
+ 29286 -r-sr-xr-x  1 root  wheel       5592 Aug 21 13:57:36 2015 /usr/libexec/ulog-helper
+123438 -rwsr-xr-x  1 root  wheel      11552 Aug 11 08:50:03 2015 /usr/local/bin/otp
+ 78240 -rwsr-xr-x  1 root  wheel     417288 Aug 10 06:57:28 2015 /usr/local/bin/screen
+123445 -rwsr-xr-x  1 root  wheel      15952 Aug 11 08:50:04 2015 /usr/local/bin/su
+ 80876 -rwsr-xr-x  1 root  wheel     107888 Aug 11 11:00:00 2015 /usr/local/bin/sudo
+124923 -r-xr-sr-x  1 root  mail       61312 Aug 12 01:44:45 2015 /usr/local/libexec/dma
+124924 -r-sr-xr-x  1 root  mail        7336 Aug 12 01:44:45 2015 /usr/local/libexec/dma-mbox-create
+ 49689 -rwsr-x--x  1 root  wheel       7416 Aug  9 21:16:33 2015 /usr/local/sbin/jailme
+126348 -rwxr-sr-x  1 root  kmem      129056 Aug 10 02:20:34 2015 /usr/local/sbin/lsof
+125763 -r-sr-xr-x  1 root  wheel      31264 Aug 10 13:17:08 2015 /usr/local/sbin/traceroute
+ 29326 -r-sr-sr-x  2 root  authpf     23744 Aug 21 13:57:36 2015 /usr/sbin/authpf
+ 29326 -r-sr-sr-x  2 root  authpf     23744 Aug 21 13:57:36 2015 /usr/sbin/authpf-noip
+ 29526 -r-xr-sr-x  1 root  daemon     54656 Aug 21 13:57:38 2015 /usr/sbin/lpc
+ 29618 -r-sr-xr--  1 root  network   415696 Aug 21 13:57:39 2015 /usr/sbin/ppp
+ 29714 -r-sr-xr-x  1 root  wheel      20560 Aug 21 13:57:39 2015 /usr/sbin/timedc
+ 29716 -r-sr-xr-x  1 root  wheel      32144 Aug 21 13:57:39 2015 /usr/sbin/traceroute
+ 29718 -r-sr-xr-x  1 root  wheel      23592 Aug 21 13:57:39 2015 /usr/sbin/traceroute6
+ 29720 -r-xr-sr-x  1 root  kmem       11144 Aug 21 13:57:39 2015 /usr/sbin/trpt
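
Review bot: the nine /usr/local entries (/usr/local/bin/otp through /usr/local/sbin/traceroute) all changed size and carry timestamps from Aug 9 to Aug 12, outside the Aug 21 13:57 window of the base binaries in the same hunk, so the base-system rewrite does not account for them. Each should be matched to a recorded package upgrade. Of these, otp, screen, su, sudo and jailme are setuid root and owner-writable (-rws), so they deserve the closest look. Among the base entries, /usr/libexec/sendmail/sendmail, /usr/sbin/ppp and /usr/sbin/traceroute also changed size and belong in the same checksum verification as the rest of the Aug 21 set.
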

Checking negative group permissions:

warden.int.autonlab.org changes in mounted filesystems:
--- /var/log/mount.today	2015-07-25 03:02:13.000000000 -0400
+++ /tmp/security.rhtaXy77	2015-08-22 03:02:26.526483478 -0400
@@ -1,5 +1,5 @@
 devfs			/dev			devfs	rw,multilabel 	0 0
-tank1/ROOT/10.1-RELEASE-p25-up-20150725_002729 /			zfs	rw,noatime,nfsv4acls 	0 0
+tank1/ROOT/10.2-RELEASE-up-20150821_175054 /			zfs	rw,noatime,nfsv4acls 	0 0
 tank1/root		/root			zfs	rw,nfsv4acls 	0 0
 tank1/tmp		/tmp			zfs	rw,nfsv4acls 	0 0
 tank1/usr/home		/usr/home		zfs	rw,nfsv4acls 	0 0
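
Review bot: the root dataset moves from tank1/ROOT/10.1-RELEASE-p25-up-20150725_002729 to tank1/ROOT/10.2-RELEASE-up-20150821_175054, which lines up with the Aug 21 timestamps in the setuid diff; confirm that this boot environment switch was a planned upgrade. Separately, the context lines show /tmp and /usr/home mounted rw,nfsv4acls with no nosuid. Since this report tracks setuid binaries, setting nosuid on those user-writable datasets would narrow where new ones can appear.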

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

Checking login.conf permissions:

warden.int.autonlab.org ipfw denied packets:

warden.int.autonlab.org pf denied packets:
+++ /tmp/security.1uW14wtC	2015-08-22 03:02:26.667301568 -0400
+block return in all [ Evaluations: 25164 Packets: 3 Bytes: 234 States: 0 ]
+block return quick from <bruteforce> to any [ Evaluations: 25164 Packets: 0 Bytes: 0 States: 0 ]
+block return in quick on egress proto tcp from <sshguard> to any port = ssh label "ssh bruteforce" [ Evaluations: 25164 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick on ! lo0 inet from 127.0.0.0/8 to any [ Evaluations: 25164 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick from urpf-failed to any [ Evaluations: 22512 Packets: 15092 Bytes: 8610272 States: 0 ]
+block return in on ! lo0 proto tcp from any to any port 6000:6010 [ Evaluations: 7420 Packets: 0 Bytes: 0 States: 0 ]

warden.int.autonlab.org kernel log messages:
+++ /tmp/security.dAyX86wY	2015-08-22 03:02:26.706304393 -0400
+Copyright (c) 1992-2015 The FreeBSD Project.
+Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+	The Regents of the University of California. All rights reserved.
+FreeBSD is a registered trademark of The FreeBSD Foundation.
+FreeBSD 10.2-RELEASE-p4 #0: Tue Aug 18 15:15:36 UTC 2015
+    root at amd64-builder.pcbsd.org:/usr/obj/usr/src/sys/GENERIC amd64
+FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
+VT: running with driver "vga".
+KLD file ipmi.ko is missing dependencies
+CPU: Intel(R) Atom(TM) CPU  C2758  @ 2.40GHz (2400.07-MHz K8-class CPU)
+  Origin="GenuineIntel"  Id=0x406d8  Family=0x6  Model=0x4d  Stepping=8
+  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
+  Features2=0x43d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,AESNI,RDRAND>
+  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
+  AMD Features2=0x101<LAHF,Prefetch>
+  Structured Extended Features=0x2282<TSCADJ,SMEP,ERMS,NFPUSG>
+  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
+  TSC: P-state invariant, performance statistics
+real memory  = 19327352832 (18432 MB)
+avail memory = 16526168064 (15760 MB)
+Event timer "LAPIC" quality 600
+ACPI APIC Table: <INTEL  TIANO   >
+FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
+FreeBSD/SMP: 1 package(s) x 8 core(s)
+ cpu0 (BSP): APIC ID:  0
+ cpu1 (AP): APIC ID:  2
+ cpu2 (AP): APIC ID:  4
+ cpu3 (AP): APIC ID:  6
+ cpu4 (AP): APIC ID:  8
+ cpu5 (AP): APIC ID: 10
+ cpu6 (AP): APIC ID: 12
+ cpu7 (AP): APIC ID: 14
+ioapic0 <Version 2.0> irqs 0-23 on motherboard
+random: <Software, Yarrow> initialized
+module_register_init: MOD_LOAD (vesa, 0xffffffff80db8eb0, 0) error 19
+kbd1 at kbdmux0
+cryptosoft0: <software crypto> on motherboard
+aesni0: <AES-CBC,AES-XTS> on motherboard
+acpi0: <ALASKA A M I > on motherboard
+acpi0: Power Button (fixed)
+cpu0: <ACPI CPU> on acpi0
+cpu1: <ACPI CPU> on acpi0
+cpu2: <ACPI CPU> on acpi0
+cpu3: <ACPI CPU> on acpi0
+cpu4: <ACPI CPU> on acpi0
+cpu5: <ACPI CPU> on acpi0
+cpu6: <ACPI CPU> on acpi0
+cpu7: <ACPI CPU> on acpi0
+hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
+Timecounter "HPET" frequency 14318180 Hz quality 950
+Event timer "HPET" frequency 14318180 Hz quality 350
+Event timer "HPET1" frequency 14318180 Hz quality 340
+Event timer "HPET2" frequency 14318180 Hz quality 340
+atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
+atrtc0: Warning: Couldn't map I/O.
+Event timer "RTC" frequency 32768 Hz quality 0
+attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
+Timecounter "i8254" frequency 1193182 Hz quality 0
+Event timer "i8254" frequency 1193182 Hz quality 100
+Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
+acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
+pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
+pci0: <ACPI PCI bus> on pcib0
+pcib1: <ACPI PCI-PCI bridge> mem 0xdf2e0000-0xdf2fffff irq 16 at device 1.0 on pci0
+pci1: <ACPI PCI bus> on pcib1
+pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci1
+pci2: <ACPI PCI bus> on pcib2
+vgapci0: <VGA-compatible display> port 0xd000-0xd07f mem 0xde000000-0xdeffffff,0xdf000000-0xdf01ffff irq 16 at device 0.0 on pci2
+vgapci0: Boot video device
+pcib3: <ACPI PCI-PCI bridge> mem 0xdf2c0000-0xdf2dffff irq 16 at device 2.0 on pci0
+pci3: <ACPI PCI bus> on pcib3
+xhci0: <XHCI (generic) USB 3.0 controller> mem 0xdf100000-0xdf101fff irq 17 at device 0.0 on pci3
+xhci0: 64 bytes context size, 64-bit DMA
+usbus0 on xhci0
+pcib4: <ACPI PCI-PCI bridge> mem 0xdf2a0000-0xdf2bffff irq 20 at device 3.0 on pci0
+pci4: <ACPI PCI bus> on pcib4
+pci0: <processor> at device 11.0 (no driver attached)
+pci0: <base peripheral, IOMMU> at device 15.0 (no driver attached)
+igb0: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xe080-0xe09f mem 0xdf260000-0xdf27ffff,0xdf30c000-0xdf30ffff irq 20 at device 20.0 on pci0
+igb0: Using MSIX interrupts with 9 vectors
+igb0: Ethernet address: 0c:c4:7a:68:c9:08
+igb0: Bound queue 0 to cpu 0
+igb0: Bound queue 1 to cpu 1
+igb0: Bound queue 2 to cpu 2
+igb0: Bound queue 3 to cpu 3
+igb0: Bound queue 4 to cpu 4
+igb0: Bound queue 5 to cpu 5
+igb0: Bound queue 6 to cpu 6
+igb0: Bound queue 7 to cpu 7
+igb1: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xe060-0xe07f mem 0xdf240000-0xdf25ffff,0xdf308000-0xdf30bfff irq 21 at device 20.1 on pci0
+igb1: Using MSIX interrupts with 9 vectors
+igb1: Ethernet address: 0c:c4:7a:68:c9:09
+igb1: Bound queue 0 to cpu 0
+igb1: Bound queue 1 to cpu 1
+igb1: Bound queue 2 to cpu 2
+igb1: Bound queue 3 to cpu 3
+igb1: Bound queue 4 to cpu 4
+igb1: Bound queue 5 to cpu 5
+igb1: Bound queue 6 to cpu 6
+igb1: Bound queue 7 to cpu 7
+igb2: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xe040-0xe05f mem 0xdf220000-0xdf23ffff,0xdf304000-0xdf307fff irq 22 at device 20.2 on pci0
+igb2: Using MSIX interrupts with 9 vectors
+igb2: Ethernet address: 0c:c4:7a:68:c9:0a
+igb2: Bound queue 0 to cpu 0
+igb2: Bound queue 1 to cpu 1
+igb2: Bound queue 2 to cpu 2
+igb2: Bound queue 3 to cpu 3
+igb2: Bound queue 4 to cpu 4
+igb2: Bound queue 5 to cpu 5
+igb2: Bound queue 6 to cpu 6
+igb2: Bound queue 7 to cpu 7
+igb3: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xe020-0xe03f mem 0xdf200000-0xdf21ffff,0xdf300000-0xdf303fff irq 23 at device 20.3 on pci0
+igb3: Using MSIX interrupts with 9 vectors
+igb3: Ethernet address: 0c:c4:7a:68:c9:0b
+igb3: Bound queue 0 to cpu 0
+igb3: Bound queue 1 to cpu 1
+igb3: Bound queue 2 to cpu 2
+igb3: Bound queue 3 to cpu 3
+igb3: Bound queue 4 to cpu 4
+igb3: Bound queue 5 to cpu 5
+igb3: Bound queue 6 to cpu 6
+igb3: Bound queue 7 to cpu 7
+ehci0: <Intel Avoton USB 2.0 controller> mem 0xdf315000-0xdf3153ff irq 23 at device 22.0 on pci0
+usbus1: EHCI version 1.0
+usbus1 on ehci0
+atapci0: <Intel Avoton SATA300 controller> port 0xe150-0xe157,0xe140-0xe143,0xe130-0xe137,0xe120-0xe123,0xe110-0xe11f,0xe100-0xe10f irq 19 at device 23.0 on pci0
+ata2: <ATA channel> at channel 0 on atapci0
+ata3: <ATA channel> at channel 1 on atapci0
+atapci1: <Intel Avoton SATA300 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe0b0-0xe0bf,0xe0a0-0xe0af irq 19 at device 24.0 on pci0
+ata0: <ATA channel> at channel 0 on atapci1
+ata1: <ATA channel> at channel 1 on atapci1
+isab0: <PCI-ISA bridge> at device 31.0 on pci0
+isa0: <ISA bus> on isab0
+uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
+uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
+orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff on isa0
+atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
+atkbd0: <AT Keyboard> irq 1 on atkbdc0
+kbd0 at atkbd0
+atkbd0: [GIANT-LOCKED]
+ppc0: cannot reserve I/O port range
+est0: <Enhanced SpeedStep Frequency Control> on cpu0
+est1: <Enhanced SpeedStep Frequency Control> on cpu1
+est2: <Enhanced SpeedStep Frequency Control> on cpu2
+est3: <Enhanced SpeedStep Frequency Control> on cpu3
+est4: <Enhanced SpeedStep Frequency Control> on cpu4
+est5: <Enhanced SpeedStep Frequency Control> on cpu5
+est6: <Enhanced SpeedStep Frequency Control> on cpu6
+est7: <Enhanced SpeedStep Frequency Control> on cpu7
+ZFS filesystem version: 5
+ZFS storage pool version: features support (5000)
+Timecounters tick every 1.000 msec
+random: unblocking device.
+usbus0: 5.0Gbps Super Speed USB v3.0
+usbus1: 480Mbps High Speed USB v2.0
+ugen0.1: <0x1912> at usbus0
+uhub0: <0x1912 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
+ugen1.1: <Intel> at usbus1
+uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
+uhub0: 8 ports with 8 removable, self powered
+ada0 at ata0 bus 0 scbus2 target 0 lun 0
+ada0: <WDC WD10EARS-00Z5B1 80.00A80> ATA8-ACS SATA 2.x device
+ada0: Serial Number WD-WMAVU2818253
+ada0: 300.000MB/s transfers (SATA 2.x, UDMA5, PIO 8192bytes)
+ada0: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C)
+ada0: quirks=0x1<4K>
+ada0: Previously was known as ad0
+ada1 at ata1 bus 0 scbus3 target 0 lun 0
+ada1: <WDC WD10EADS-11P8B1 80.00A80> ATA8-ACS SATA 2.x device
+ada1: Serial Number WD-WMAVU1458351
+ada1: 300.000MB/s transfers (SATA 2.x, UDMA5, PIO 8192bytes)
+ada1: 953869MB (1953525168 512 byte sectors: 16H 63S/T 16383C)
+ada1: Previously was known as ad2
+SMP: AP CPU #1 Launched!
+SMP: AP CPU #2 Launched!
+SMP: AP CPU #4 Launched!
+SMP: AP CPU #7 Launched!
+SMP: AP CPU #5 Launched!
+SMP: AP CPU #3 Launched!
+SMP: AP CPU #6 Launched!
+Timecounter "TSC-low" frequency 1200033036 Hz quality 1000
+GEOM_MIRROR: Cancelling unmapped because of ada1p3.
+GEOM_MIRROR: Cancelling unmapped because of ada0p3.
+GEOM_MIRROR: Device mirror/swapmirror launched (2/2).
+Root mount waiting for: usbus1
+uhub1: 8 ports with 8 removable, self powered
+Root mount waiting for: usbus1
+ugen1.2: <vendor 0x8087> at usbus1
+uhub2: <vendor 0x8087 product 0x07db, class 9/0, rev 2.00/0.02, addr 2> on usbus1
+uhub2: 4 ports with 4 removable, self powered
+Root mount waiting for: usbus1
+ugen1.3: <vendor 0x0557> at usbus1
+uhub3: <vendor 0x0557 product 0x7000, class 9/0, rev 2.00/0.00, addr 3> on usbus1
+uhub3: 4 ports with 3 removable, self powered
+ugen1.4: <vendor 0x0557> at usbus1
+ukbd0: <vendor 0x0557 product 0x2419, class 0/0, rev 1.10/1.00, addr 4> on usbus1
+kbd2 at ukbd0
+Trying to mount root from zfs:tank1/ROOT/10.2-RELEASE-up-20150821_175054 []...
+GEOM_ELI: Device label/swap0.eli created.
+GEOM_ELI: Encryption: AES-XTS 128
+GEOM_ELI:     Crypto: hardware
+warning: KLD '/boot/kernel/libiconv.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/libmchain.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/msdosfs_iconv.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/sem.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/linsysfs.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/linux.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/fuse.ko' is newer than the linker.hints file
+fuse-freebsd: version 0.4.4, FUSE ABI 7.8
+warning: KLD '/boot/kernel/ums.ko' is newer than the linker.hints file
+ums0: <vendor 0x0557 product 0x2419, class 0/0, rev 1.10/1.00, addr 4> on usbus1
+ums0: 3 buttons and [Z] coordinates ID=0
+warning: KLD '/boot/kernel/pflog.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/pf.ko' is newer than the linker.hints file
+warning: KLD '/boot/kernel/ipfw.ko' is newer than the linker.hints file
+ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to accept, logging disabled

warden.int.autonlab.org login failures:

warden.int.autonlab.org refused connections:

Checking for packages with security vulnerabilities:
php56-5.6.11
pcre-8.37_2
ruby-2.0.0.645,1

-- End of security output --

