Date: Thu, 8 Jan 1998 11:45:47 -0500 (EST)
From: Bryan Swann <swann@nosc.mil>
To: Lance Hartford <lhartfor@mtghouse.com>
Cc: freebsd-security@freebsd.org
Subject: Re: /usr/bin/su modification time changing
Message-ID: <Pine.GSO.3.96.980108113554.1842B-100000@mailbox>
In-Reply-To: <Pine.BSF.3.95.980108093729.14685B-100000@larry>

I believe there are three different times associated with each file,
creation time, last access time, last modification time.  I assume your
message came from tripwire or a similar tool.

You can use options to the ls command to determine which of the times have
changed.  You may find that you need to alter the 'time' your security
check monitors for.

Best of luck.

__________________________________________________________________________
| Bryan Swann (swann@nosc.mil)  803/974-4267  803/974-5080 (Fax)         |
| Eagan McAllister Associates, Inc.                                      |
|                                                                        |
| "Everything must be working perfectly, cause I don't smell any smoke"  |
--------------------------------------------------------------------------

On Thu, 8 Jan 1998, Lance Hartford wrote:

>
> I just installed 2.2.5 on a PC and I received the following portion of
> message in a security mail that was sent out last night:
>
> xyz setuid diffs:
> 152c152
> < -r-sr-xr-x 1 root bin 16384 Oct 21 10:19:25 1997 /usr/bin/su
> ---
> > -r-sr-xr-x 1 root bin 16384 Jan 7 19:40:28 1998 /usr/bin/su
>
> I did a "sum" on the /usr/bin/su on another system onsite, and found
> that there was no difference compared to the one on this system.  Does
> this imply that there is a security problem at my site?
>
> Thanks.
>
> Lance
>
>
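
Added example, not part of the original messages: POSIX shell functions that list a file with the ls options for each timestamp and compare a saved baseline with the file's current state, reporting which timestamps changed and whether the contents did. The function names, the baseline format and the use of cksum are assumptions of this example; ls -lc shows the inode status-change time.

```shell
#!/bin/sh
# Added example (constructed; function names and baseline format are assumptions).

# List the file three times, once per timestamp:
#   ls -l = last modification, ls -lu = last access, ls -lc = inode status change.
show_times() {
    for opt in -l -lu -lc; do
        printf '%-4s ' "$opt"; ls "$opt" "$1"
    done
}

# Print "mtime atime ctime" in epoch seconds (GNU stat syntax, then BSD stat syntax).
file_times() {
    stat -c '%Y %X %Z' "$1" 2>/dev/null || stat -f '%m %a %c' "$1"
}

# Print a baseline line: "mtime atime ctime crc size".
# cksum is a CRC, like sum: it shows whether two copies differ, but use a
# cryptographic hash when the baseline must resist deliberate tampering.
baseline() {
    echo "$(file_times "$1") $(cksum < "$1")"
}

# compare "<saved baseline line>" <file>
# Prints which fields differ from the baseline, or "unchanged".
compare() {
    set -- $1 $(baseline "$2")      # $1-$5 = saved values, $6-$10 = current values
    out=""
    [ "$1" = "$6" ] || out="$out mtime"
    [ "$2" = "$7" ] || out="$out atime"
    [ "$3" = "$8" ] || out="$out ctime"
    [ "$4 $5" = "$9 ${10}" ] || out="$out content"
    out=${out# }
    echo "${out:-unchanged}"
}

# Usage: sh thisfile /usr/bin/su   (prints the three listings and a baseline line)
if [ $# -gt 0 ]; then
    show_times "$1"
    baseline "$1"
fi
```

Reading a file, including with cksum, can itself update the access time depending on mount options, so atime is usually the noisiest of the three to monitor.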