Date: Thu, 04 Mar 2010 14:53:24 -0500 From: Mike Tancsa <mike@sentex.net> To: freebsd-security@freebsd.org Subject: tripwire and device numbers Message-ID: <201003041953.o24JrDhi038522@lava.sentex.ca>
next in thread | raw e-mail | index | archive | help
While getting a box ready for deployment, I noticed on two occasions,
I would get some exception reports flagging all files as the
underlying device number through reboots had changed. Is this
"normal" for Tripwire and FreeBSD ? (RELENG_7)
The file system is on
da0 at twa0 bus 0 target 0 lun 0
da0: <AMCC 9650SE-2LP DISK 4.08> Fixed Direct Access SCSI-5 device
da0: 100.000MB/s transfers
da0: 238408MB (488259584 512 byte sectors: 255H 63S/T 30392C)
SMP: AP CPU #1 Launched!
eg.
Rule Name: Local files (/usr/local/sbin)
Severity Level: 66
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 10
----------------------------------------
Modified object name: /usr/local/sbin
Property: Expected Observed
------------- ----------- -----------
Object Type Directory Directory
* Device Number 92 98
Inode Number 2637949 2637949
Mode drwxr-xr-x drwxr-xr-x
Num Links 2 2
UID root (0) root (0)
GID wheel (0) wheel (0)
Size 512 512
Modify Time Wed Mar 3 15:24:02 2010 Wed Mar 3 15:24:02 2010
Blocks 4 4
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003041953.o24JrDhi038522>