Re: [Integrit-users] CentOS 4.2: some mod times being reset with access time
From: Zarcomm C. <co...@ma...> - 2006-03-08 18:17:32
Here's a little more info; I was wrong about what was being swapped with
what, but the mtimes were definitely changed. Here's info on /sbin/adsl*
files first, the database run:

[root@system run]# ../sbin/i-viewdb -s ../db/system.cdb.new | egrep 'sbin/adsl' | egrep -v usr
/sbin/adsl-setup    i(1065172) p(755) l(1) u(0) g(0) z(12886) a(20060307-113619) m(20050221-091659) c(20060223-115000)
/sbin/adsl-status   i(1065174) p(755) l(1) u(0) g(0) z(2748) a(20060307-113619) m(20050221-091659) c(20060223-115000)
/sbin/adsl-start    i(1065173) p(755) l(1) u(0) g(0) z(6451) a(20060307-113619) m(20050221-091659) c(20060223-115000)
/sbin/adsl-stop     i(1065175) p(755) l(1) u(0) g(0) z(3030) a(20060307-113619) m(20050221-091659) c(20060223-115000)
/sbin/adsl-connect  i(1065171) p(755) l(1) u(0) g(0) z(10110) a(20060307-113619) m(20050221-091659) c(20060223-115000)

Next, some stat-s of files as they are now:

[root@system run]# stat /sbin/adsl*
  File: `/sbin/adsl-connect'
  Size: 10110  Blocks: 32  IO Block: 4096  regular file
Device: fd00h/64768d  Inode: 1065171  Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 0/ root)  Gid: ( 0/ root)
Access: 2006-03-07 23:10:58.000000000 -0800
Modify: 2006-02-23 11:50:00.000000000 -0800
Change: 2006-03-07 23:33:09.000000000 -0800
  File: `/sbin/adsl-setup'
  Size: 12886  Blocks: 40  IO Block: 4096  regular file
Device: fd00h/64768d  Inode: 1065172  Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 0/ root)  Gid: ( 0/ root)
Access: 2006-03-07 23:10:55.000000000 -0800
Modify: 2006-02-23 11:50:00.000000000 -0800
Change: 2006-03-07 23:33:06.000000000 -0800
  File: `/sbin/adsl-start'
  Size: 6451  Blocks: 24  IO Block: 4096  regular file
Device: fd00h/64768d  Inode: 1065173  Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 0/ root)  Gid: ( 0/ root)
Access: 2006-03-07 23:10:57.000000000 -0800
Modify: 2006-02-23 11:50:00.000000000 -0800
Change: 2006-03-07 23:33:09.000000000 -0800
  File: `/sbin/adsl-status'
  Size: 2748  Blocks: 16  IO Block: 4096  regular file
Device: fd00h/64768d  Inode: 1065174  Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 0/ root)  Gid: ( 0/ root)
Access: 2006-03-07 23:10:55.000000000 -0800
Modify: 2006-02-23 11:50:00.000000000 -0800
Change: 2006-03-07 23:33:07.000000000 -0800
  File: `/sbin/adsl-stop'
  Size: 3030  Blocks: 16  IO Block: 4096  regular file
Device: fd00h/64768d  Inode: 1065175  Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 0/ root)  Gid: ( 0/ root)
Access: 2006-03-07 23:10:57.000000000 -0800
Modify: 2006-02-23 11:50:00.000000000 -0800
Change: 2006-03-07 23:33:09.000000000 -0800
[root@system run]#

This is just a web server--we don't use these programs.

Thanks again,

Alex

On Wed, 8 Mar 2006, Zarcomm Consulting wrote:

> Hello,
>
> I've got a CentOS 4.2 box on which I installed integrit,
> made my first run thusly
>
> integrit -C twpol.txt -u
>
> then my first check maybe 20 minutes later thusly
>
> integrit -C twpol.txt -c
>
> and for some strange reason, a bunch of files that should
> not have been modified in any way were, these in /sbin
> being typical:
>
> changed: /sbin/adsl-setup   m(20050221-091659:20060223-115000)
> changed: /sbin/adsl-status   m(20050221-091659:20060223-115000)
> changed: /sbin/accton   m(20050409-060012:20060223-114730)
> changed: /sbin/arping   m(20050822-200907:20060223-113357)
> changed: /sbin/adsl-start   m(20050221-091659:20060223-115000)
> changed: /sbin/adsl-stop   m(20050221-091659:20060223-115000)
> changed: /sbin/alsactl   m(20050823-030545:20060223-115252)
> changed: /sbin/adsl-connect   m(20050221-091659:20060223-115000)
> changed: /sbin/avmcapictrl   m(20050221-145316:20060223-114946)
>
> The new date-time is basically the installation date-time.
>
> Here's something useful:
>
> [root@system sbin]# ls -l | head
> total 16444
> -rwxr-xr-x  1 root root     6720 Feb 23 11:47 accton
> -rwxr-xr-x  1 root root     5244 Aug 21  2005 addpart
> -rwxr-xr-x  1 root root    10110 Feb 23 11:50 adsl-connect
> -rwxr-xr-x  1 root root    12886 Feb 23 11:50 adsl-setup
> -rwxr-xr-x  1 root root     6451 Feb 23 11:50 adsl-start
> -rwxr-xr-x  1 root root     2748 Feb 23 11:50 adsl-status
> -rwxr-xr-x  1 root root     3030 Feb 23 11:50 adsl-stop
> -rwxr-xr-x  1 root root    19988 Aug 21  2005 agetty
> -rwxr-xr-x  1 root root    35760 Feb 23 11:52 alsactl
>
> [root@system sbin]# ls -lu | head
> total 16444
> -rwxr-xr-x  1 root root     6720 Mar  7 23:10 accton
> -rwxr-xr-x  1 root root     5244 Mar  7 11:36 addpart
> -rwxr-xr-x  1 root root    10110 Mar  7 23:10 adsl-connect
> -rwxr-xr-x  1 root root    12886 Mar  7 23:10 adsl-setup
> -rwxr-xr-x  1 root root     6451 Mar  7 23:10 adsl-start
> -rwxr-xr-x  1 root root     2748 Mar  7 23:10 adsl-status
> -rwxr-xr-x  1 root root     3030 Mar  7 23:10 adsl-stop
> -rwxr-xr-x  1 root root    19988 Mar  7 11:36 agetty
> -rwxr-xr-x  1 root root    35760 Mar  7 23:10 alsactl
>
> [root@system sbin]# ls -lc | head
> total 16444
> -rwxr-xr-x  1 root root     6720 Mar  7 23:33 accton
> -rwxr-xr-x  1 root root     5244 Mar  7 23:30 addpart
> -rwxr-xr-x  1 root root    10110 Mar  7 23:33 adsl-connect
> -rwxr-xr-x  1 root root    12886 Mar  7 23:33 adsl-setup
> -rwxr-xr-x  1 root root     6451 Mar  7 23:33 adsl-start
> -rwxr-xr-x  1 root root     2748 Mar  7 23:33 adsl-status
> -rwxr-xr-x  1 root root     3030 Mar  7 23:33 adsl-stop
> -rwxr-xr-x  1 root root    19988 Mar  7 23:30 agetty
> -rwxr-xr-x  1 root root    35760 Mar  7 23:33 alsactl
>
> The config directive used for /sbin was
>
> /sbin pilugsrmzAC
>
> Anyways, hope I'm wrong, but please let me know what's going on.
>
> Thanks,
>
> Alex
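
Added example, not part of the original thread and not integrit's own code: a Python sketch that parses the `changed:` report lines quoted in the message above, confirms that only the `m` (mtime) field differs, and groups the new mtimes to show whether they fall in one short window, as the poster describes. The function names and the one-hour clustering gap are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Report lines copied from the quoted message above.
REPORT = """\
changed: /sbin/adsl-setup   m(20050221-091659:20060223-115000)
changed: /sbin/adsl-status   m(20050221-091659:20060223-115000)
changed: /sbin/accton   m(20050409-060012:20060223-114730)
changed: /sbin/arping   m(20050822-200907:20060223-113357)
changed: /sbin/adsl-start   m(20050221-091659:20060223-115000)
changed: /sbin/adsl-stop   m(20050221-091659:20060223-115000)
changed: /sbin/alsactl   m(20050823-030545:20060223-115252)
changed: /sbin/adsl-connect   m(20050221-091659:20060223-115000)
changed: /sbin/avmcapictrl   m(20050221-145316:20060223-114946)
"""

LINE = re.compile(r"^changed:\s+(?P<path>\S+)\s+(?P<attrs>.*)$")
ATTR = re.compile(r"(?P<key>[a-zA-Z])\((?P<old>[^:()]+):(?P<new>[^:()]+)\)")
STAMP = "%Y%m%d-%H%M%S"  # timestamp layout seen in the report lines

def parse_report(text):
    """Return {path: {attr_letter: (old, new)}} for each 'changed:' line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            out[m["path"]] = {a["key"]: (a["old"], a["new"])
                              for a in ATTR.finditer(m["attrs"])}
    return out

def mtime_clusters(changes, gap=timedelta(hours=1)):
    """Group files whose new mtime is within `gap` of the previous one."""
    stamped = sorted(
        (datetime.strptime(attrs["m"][1], STAMP), path)
        for path, attrs in changes.items() if "m" in attrs
    )
    clusters = []
    for when, path in stamped:
        if clusters and when - clusters[-1][-1][0] <= gap:
            clusters[-1].append((when, path))
        else:
            clusters.append([(when, path)])
    return clusters

if __name__ == "__main__":
    changes = parse_report(REPORT)
    only_m = [p for p, a in changes.items() if set(a) == {"m"}]
    print(f"{len(only_m)}/{len(changes)} files differ in mtime only")
    for c in mtime_clusters(changes):
        print(f"{len(c)} files, new mtimes {c[0][0]} .. {c[-1][0]}")
```

A single tight cluster with no size, inode or checksum differences points at a batch operation touching timestamps rather than at per-file content changes.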