On Thu, Dec 18, 2008, Jun Salen wrote:>>From what I can see nagios' check_ping monitor executes /bin/ping,
>>in which case you need to make sure /bin/ping is owned by root
>>and is setuid (chmod u+s /bin/ping)
>>
>>nate
>That solved it. Same with file permission with mount, umount, su, and
>ping6. Thank you very much.
If the permissions on /bin/ping were incorrect, it may mean that
your system has been cracked. You probably should check by
running ``rpm -V iputils'' which will show changes in any files
in the package.
Crackers frequently hack system utilities to hide their presence
on the system, particularly things like /bin/ps, /bin/login,
/bin/netstat (pretty much anything in the /bin, /usr/bin, /sbin,
and /usr/sbin directories). For a quick list of rpm packages
that might be affected you can do:
rpm -qf /bin/* /sbin/* | sort -u > /tmp/critpackages
Then a quick check for changed files. This doesn't show the
package names, but that's easy to find with ``rpm -qf fname''.
rpm -V `cat /tmp/critpackages`
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
When I hear a man applauded by the mob I always feel a pang of pity
for him. All he has to do to be hissed is to live long enough.
-- H.L. Mencken, Minority Report