From owner-freebsd-questions  Mon Sep 21 14:11:29 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA07177
          for freebsd-questions-outgoing; Mon, 21 Sep 1998 14:11:29 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA07160
          for <questions@FreeBSD.ORG>; Mon, 21 Sep 1998 14:11:23 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id OAA13466;
          Mon, 21 Sep 1998 14:10:44 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Date: Mon, 21 Sep 1998 14:10:44 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: Carey Nairn <cpn@dpac.tas.gov.au>
cc: questions@FreeBSD.ORG
Subject: Re: daily security check
In-Reply-To: <Pine.BSF.3.96.980919124652.886H-100000@jumpgate.cpn.org.au>
Message-ID: <Pine.BSF.4.03.9809211409390.11562-100000@resnet.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 19 Sep 1998, Carey Nairn wrote:

> I have a question regarding the daily security check:
> 
> last night I got the following report:
> 
> checking setuid files and devices:
> 
> whitestar setuid diffs:
> 46c46
> < -r-sr-xr-x  5 root  bin     286720 Sep 15 18:44:12 1998
> /usr/bin/hoststat
> ---
> > -r-sr-xr-x  5 root  bin     286720 Sep 18 20:27:50 1998
> /usr/bin/hoststat
> 55c55
> < -r-sr-xr-x  5 root  bin     286720 Sep 15 18:44:12 1998 /usr/bin/mailq
> ---
> > -r-sr-xr-x  5 root  bin     286720 Sep 18 20:27:50 1998 /usr/bin/mailq

[other fine with changed timestamps...]

> I have compared the files listed with the ones on the 2.2.7 live
> filesystem CD and they are the same.  What would cause the timestamp
> changes on these files?

There are known VM system bugs that can cause this sort of thing.  That or
someone with root access is touching all your files just to annoy you.
Was there anyone logged in at that time?

> This also happened on Sep 15 (as you can see from the previous
> timestamps).  Prior to that, the files had the same timestamps as the ones
> on the CD.

What version of FreeBSD are you running?

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message