We run an old version of tripwire every night just as a security precaution
(duh!). On Saturday, we noticed three files, seemingly unrelated had had
their times updates:
changed: -rw-r--r-- root 140 Dec 19 00:25:33 1999 /etc/mtab
changed: -rw-r--r-- root 40 Dec 19 00:25:35 1999 /etc/adjtime
changed: -rw-r--r-- root 21432 Dec 19 00:25:20 1999
/lib/modules/2.2.5-15smp/modules.dep
Besides the default Redhat crontabs and cron.*'s, we haven't added anything
that would occur around this time. We've looked through our logs and noticed
no breaks in normal activity (we have a monitoring software that taps it
every 2 minutes, and there was no break in that activity) and we've looked
through the weblogs of a site that gets hit about once every five seconds
and saw no breaks there either.
Taking a look at the mtab and modules.dep on another machine which we just
barely put together proves that they look the same - mtab differs by /dev/
lettering and the module.dep only diffs on the 2.2.5-15smp and 2.2.5-15
line.
The question: what would modify these files, how are these files
interlinked, and should I be worried that something bad happened?
Kevin Hemenway
-- -----------------------------------------------------------------
Total Net NH, LLC EMAIL: <[EMAIL PROTECTED]>
15 Pleasant St., Suite 11 WEBSITE: <http://www.totalnetnh.net/>
Concord, NH 03301 PHONE: (603) 225-8422
--------------------------------------------------------------------
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
