Code [path001w]
The indicated file is in root's PATH, and is group writable, world writable or both. This can allow Trojan horse programs or viruses to be planted into these executables and spread by `root'. The group and world write permissions should be removed.
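The write-permission test described above, together with the ownership test in the path002w entry that follows, can be reproduced with plain `find`. This is an added example, not part of the original explanations or of the checker's own code; the function name `audit_path`, its optional owner argument and the output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report files in a PATH-style list that would trigger
# path001w (group/world writable) or path002w (not owned by the expected owner).
# Usage: audit_path PATHLIST [OWNER]
#   OWNER defaults to root; a numeric uid also works (hypothetical parameter).
audit_path() {
    owner=${2:-root}
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        # Empty and relative entries are outside these two checks; skip them.
        case $dir in /*) ;; *) continue ;; esac
        [ -d "$dir" ] || continue
        # "$dir/." with "! -name . -prune" restricts find to the directory's
        # own entries (the POSIX spelling of -maxdepth 1). -L evaluates the
        # target of a symlink, because a link's own mode bits mean nothing.
        find -L "$dir/." ! -name . -prune -type f \
            \( -perm -020 -o -perm -002 \) -print |
            sed 's|/\./|/|; s|^|path001w |'
        find -L "$dir/." ! -name . -prune -type f \
            ! -user "$owner" -print |
            sed 's|/\./|/|; s|^|path002w |'
    done
}

# Typical use, run as root so that "$PATH" is root's PATH:
# audit_path "$PATH"
```

Each output line is the message code followed by the offending file, so the result can be compared between runs to spot newly loosened permissions.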
Code [path002w]
The indicated file is in root's PATH, but is not owned by root. This can allow Trojan horse programs or viruses to be planted into these executables and spread by `root'. Often these executables are owned by `bin', `uucp' or other system accounts. If these commands are never used by root, then this is not a problem. If they are, you should consider changing the owner to `root'. Because of SMI's recent decision to install most [...]
[...]s file of a given user does not belong to him. If you are running the rlogin service, this transfers control over which users (and from where) can access this account to the user that this file belongs to. This is usually an indication of an intrusion attempt, and you should take steps to remove this file and determine who has accessed this account using the rlogin service. Consider removing the 'r' commands altogether and using safer replacement commands, including public-key cryptography programs (such as SSH implementations).
Code [rcmd018a]
Root has a .rhosts file. You should avoid, at all hosts, providing passwordless remote access to the administrator user. This can also be an indication of a remote intrusion; if so, you should take steps to remove this file and determine who has accessed this account using the rlogin service. Consider removing the 'r' commands altogether and using safer replacement commands, including public-key cryptography programs (such as SSH implementations).
Code [pcap001i]
The file indicated for a printer control does not exist. This is just an informational message, though it probably means something in the print system isn't configured correctly.
Code [pcap002i]
The indicated file or directory associated with a printer control does not have secure ownership. This may represent a security vulnerability.
Code [pcap002w]
The indicated executable associated with a printer control does not have secure ownership. This may represent a security vulnerability, as it may be possible to replace the executable.
Code [pcap003i]
The indicated file or directory associated with a printer control has group or world write permissions. This may represent a security vulnerability.
Code [pcap003w]
The indicated executable associated with a printer control has group or world write permissions. This may represent a security vulnerability, as it may be possible to replace the executable.
Code [embed]
The embedded references are formatted as pathname_1->pathname_2->pathname_3... which indicates that pathname_1 is a string embedded in the binary pointed to by pathname_2, which in turn is a string embedded in pathname_3. Or, to read it the other way around, pathname_3 refers to pathname_2 which refers to pathname_1.
Code [embed001w]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated pathname to an executable contains a component which is not owned by root. This can enable an intruder to gain unauthorized privileges if they are able to replace the binary. See the 'rationale' explanation for a discussion of the reasons that executables run by root should be owned by root.
Code [embed001i]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated pathname to a file or directory contains a component which is not owned by root. This may indicate a vulnerability in the system. It will be necessary to study the programs in which the pathname was found to determine whether there is a problem.
Code [embed002w]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated executable is not owned by root. This can enable an intruder to gain unauthorized privileges if they are able to overwrite the executable. See the 'rationale' explanation for a discussion of the reasons that executables run by root should be owned by root. Note that if the executable is setuid to a non-root ID, then the ownership should *NOT* be changed to root unless the setuid bit is also removed.
Code [embed002i]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated file or directory is not owned by root. This may indicate a vulnerability in the system. It will be necessary to study the programs in which the pathname was found to determine whether there is a problem.
Code [embed003w]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated pathname to an executable contains a component which is group writable, world writable or both. This can enable an intruder to gain unauthorized privileges if they are able to replace the executable.
Code [embed003i]
See the 'embed' explanation for an explanation of the format of the embedded references. The indicated pathname to a file or directory contains a component which is group writable, world writable or both. This may indicate a vulnerability in the system. It will be necessary to study the file and programs in which the pathname was found to determine whether there is a problem.
Code [embed004w]
See the 'embed' explanation for an explanation of the format of the embedded references. The execu
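The embed001 to embed003 checks applied to a single embedded reference, as an added example that is not part of the original explanations or of the checker's own code. The function names, the optional owner argument, the output format and the reading of "component" as each directory above pathname_1 are assumptions.

```shell
#!/bin/sh
# Added example: evaluate one reference of the form
#   pathname_1->pathname_2->pathname_3
# Usage: check_embedded REF [OWNER]   (OWNER defaults to root; numeric uid works)
# Output lines "ID REF [component=DIR]" are this example's own format.

# flagged PATH FIND-EXPR... : true when PATH (symlink followed) matches the expression.
flagged() {
    p=$1; shift
    [ -n "$(find -H "$p" -prune "$@" -print 2>/dev/null)" ]
}

check_embedded() {
    ref=$1
    owner=${2:-root}
    target=${ref%%->*}          # pathname_1: the string embedded in pathname_2
    case $target in /*) ;; *) return 0 ;; esac
    [ -e "$target" ] || return 0
    # 'w' codes apply to executables, 'i' codes to other files and directories.
    if [ -f "$target" ] && [ -x "$target" ]; then sev=w; else sev=i; fi

    # embed002: the referenced object itself is not owned by the expected owner.
    if flagged "$target" ! -user "$owner"; then
        echo "embed002$sev $ref"
    fi
    # embed001 / embed003: walk every directory from the parent up to /.
    comp=$(dirname "$target")
    while :; do
        if flagged "$comp" ! -user "$owner"; then
            echo "embed001$sev $ref component=$comp"
        fi
        if flagged "$comp" \( -perm -020 -o -perm -002 \); then
            echo "embed003$sev $ref component=$comp"
        fi
        [ "$comp" = / ] && break
        comp=$(dirname "$comp")
    done
    return 0
}
```

The full reference is echoed with every finding so that the binaries which embed the pathname (pathname_2, pathname_3) can be reviewed, as the informational entries recommend.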