From: ic_admin (admin_at_i-concept.de)
Date: Tue Jul 09 2002 - 12:03:00 CDT

    Hi again,

    I have the next problem and I do not know how this could happen:

    I'm running tripwire to check my system each night, now I have a file
    which appears in my tripwire result as changed:
    /usr/lib/libc_nonshared.a
    But I didn't change it! And in the tripwire result I can only see the
    md5 and snefru sigs, and NO st_mtime and NO st_ctime is displayed!

    The next night I ran the tripwire system again and now the result is OK
    without creating a new database!?

    Some days later another file was changed as the result of the tripwire
    told me:
    /usr/bin/expiry
    The same as described before but I see this changed file in each result
    until it occurred the first time.

    Some days later these files show the same behaviour:

    /usr/share/terminfo/h/hp2645a
    /opt/kde2/bin/meinproc
    /usr/lib/locale/ar_EG/LC_COLLATE
    /usr/lib/perl5/5.6.0/unicode/Names.txt

    I'm running:
    - Tripwire version 1.2 (patchlevel 2)
    - SuSE7.2

    This is what I have done before:

    I have secure copies of all my tripwire databases and I diff my secured
    against the one from the system -- it is OK, they do not differ!

    I took a look in all logs, bash_history and I checked the logins with
    last -- nothing!

    I am running iptables on this machine and only port 53 is open for IN
    and OUT.

    What happens on this machine? I don't think that somebody hacked my
    system; perhaps somebody has similar problems and could help me.

    Many thanks and regards

    Ruediger

    InterConcept GmbH
    Drosselweg 27
    D-61462 Koenigstein

    http://www.i-concept.de
