Date: Thu, 29 Jan 2015 02:28:00 -0500 From: Garrett Wollman <wollman@bimajority.org> To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: Strange package checksum report Message-ID: <21705.57600.546683.831932@hergotha.csail.mit.edu> In-Reply-To: <86y4orp2zp.fsf@nine.des.no> References: <21698.32224.747971.146491@khavrinen.csail.mit.edu> <868ugrr5r3.fsf@nine.des.no> <21700.23803.911745.834275@hergotha.csail.mit.edu> <86y4orp2zp.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 25 Jan 2015 11:29:46 +0100, Dag-Erling Sm=C3=B8rgrav <des@des= .no> said: > I assume that you're using official packages and don't have a locally= > compiled Python interpreter or anything like that? We build our own package repositories. > Could you perhaps turn on auditing in order to find out what's touchi= ng > these files? Maybe. It will probably take a while. My a priori guess, knowing that we don't directly use any python programs is that it's either some Nagios plugin or some Munin plugin (there are a few that are written in python) that's actually causing the files to get updated. There's nothing else that should be running as root on these systems. If I get a moment, I can check which plugins meet those criteria and try disabling them. -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21705.57600.546683.831932>