Uh-oh

[Guest BooYah]

Found these messages today. What's up? I seriously doubt somone hacked into my little laptop, so why would these files change? What do SUID and Sgid stand for?

 

I'm trying to get my firewall working right, so maybe that's got something to do with this.

 

ml85p and escputil are for printers I don't even have. Can I just delete these? Come to think of it, I've actually got a whole load of stuff I don't need under (KDE) [ start application -> configuration -> printing] that I'd like to get rid of while I'm at it.

 

kppp is for a dial up connection, right? I don't use dial-up a connection; I'm on ADSL. Can kppp get the axe too, or does something else need it?

 

Security Warning: the md5 checksum for one of your SUID files has changed,

maybe an intruder modified one of these suid binary in order to put in a backdoor...

- Checksum changed file : /usr/bin/kppp

- Checksum changed file : /usr/bin/ml85p

 

Security Warning: Changes in Sgid files found :

- No longer present sgid file : /usr/bin/escputil

[ramfree17]

its just probably msec. go to the mandrakesecure.net site and read about how to tame msec.

 

ciao!

[Guest BooYah]

Thank you ramfree17,

 

Something related that I'm trying to figure out is why root never gets any mail. Where do I start with this one /var/spool/root and /var/spool/postfix exist, but root is empty and postfix looks like it may have have a message from October. Which one is root's mailbox?

 

Shouldn't root be getting security messages like this?

[Guest BooYah]

Never mind, I think I got it.

 

anon posted a link to a intro to msec in a different thread. MAIL_WARN was set to "no"