Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: ic_admin (admin_at_i-concept.de)
Date: Tue Jul 09 2002 - 12:03:00 CDT
I have the next problem and I do not know how this could happen:
I'm running tripwire to check my system each night, now I have a file
which appears in my tripwire result as changed:
But I didn't changed it! And in the tripwire-result I can only see the
md5 and snefru sig's and NO st_mtime and NO st_ctime is displayed!
The next night I run the tripwire-system again and now the result is OK
without creating a new database!?
Some days later another file was changed as the result of the tripwire
The same as described before but I see this changed file in each result
until it occured the first time.
Some days later these files show the same behaviour:
- Tripwire version 1.2 (patchlevel 2)
This have I done before:
I have secure copies of all my tripwire databases and I diff my secured
against the one from the system -- it is OK, they do not differ!
I took a look in all log's, bash_history and I checked the logins with
last -- nothing!
I am running iptables on this machine and only port 53 is open for IN
What happens on this machine? I don't think that somebody hack my
system; perhaps somebody has similar problems and could help me.
Many thanks and regards
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here