[Aide] strange behaviour
Andon Tschauschev
andon.tschauschev at mmweg.rwth-aachen.de
Wed Dec 29 01:28:20 EET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everybody!
a few days ago I performed a regular check with AIDE 0.10 and I have found
the following lines in the report:
.
.
changed:/usr/bin/smbspool
.
.
File: /usr/bin/smbspool
HAVAL : Qs+hZ0oDaQnxeM0DsGrNeoxzvp/mUrw+T0VC9It,
c71W1imvkZvB9SyCQr56LalujTDLfjHkDge6bj2
GOST : yElHU109maeywXB0wVsTdj17sggzmSJedeNeY/f,
UBjBCqMK7qt8ZzNviq6/Cz1knHF608BEN3ERKY1
.
.
(Please, note, I have never used SAMBA, and I didnt modified it by myself.)
Well, it was very strange for me, how only HAVAL and GOST where modified, but
not MD5?
- From the config file:
all=R+haval+gost
/bin all
A few hours later I performed second check, with the same AIDE database and
config file, there was nothing concerning changes in /usr/bin/smbspool...
What do you mean, is this a security issue and how may be explained?
Excuse my poor english.
Thanks!
Andon
- --
PGP Public Key:
http://www.abece.de/public_key.asc
Key-ID: 0x9E8C4262
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB0ewjsFUOL56MQmIRAuRtAKDG3zswGb1Pp3Q3SwgIs2AzXc15ggCggwXt
po53pBN2JmX/D2/7oUofAoA=
=4Lcx
-----END PGP SIGNATURE-----
More information about the Aide
mailing list