Security leach or a misconfiguration...

1 post / 0 new
#1 Wed, 01/23/2008 - 07:54
kquizak

Security leach or a misconfiguration...

I don't know what is wrong ... I have a CentOS 5 system... and surprise... loged in as a user... I can issue system commands that like ifconfig ps aux cat /etc/passwd /proc

i also tested this on a FC7 box and this is the result: [code:1][florin@poseidon ~]$ ifconfig bash: ifconfig: command not found [/code:1] same command on webserver: [code:1]sh-3.1$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:EA:B8:01:«»DC
inet addr:192.168.0.185 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20f:eaff:feb8:1dc/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14680 errors:0 dropped:0 overruns:0 frame:0 TX packets:4845 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:6937709 (6.6 MiB«») TX bytes:1097937 (1.0 MiB«») [/code:1]

i looked into .bash_profile of both users and they are the same... so what could be that for the webserver it seas ifconfig?