[Aide] strange behaviour
Virolainen Pablo
pablo at cs.tut.fi
Mon Jan 3 22:41:11 EET 2005
On Wed, 29 Dec 2004, Andon Tschauschev wrote:
> a few days ago I performed a regular check with AIDE 0.10 and I have found
> the following lines in the report:
> .
> .
> changed:/usr/bin/smbspool
> .
> .
> File: /usr/bin/smbspool
> HAVAL : Qs+hZ0oDaQnxeM0DsGrNeoxzvp/mUrw+T0VC9It,
> c71W1imvkZvB9SyCQr56LalujTDLfjHkDge6bj2
> GOST : yElHU109maeywXB0wVsTdj17sggzmSJedeNeY/f,
> UBjBCqMK7qt8ZzNviq6/Cz1knHF608BEN3ERKY1
> .
> .
>
>
> (Please, note, I have never used SAMBA, and I didnt modified it by myself.)
>
> Well, it was very strange for me, how only HAVAL and GOST where modified, but
> not MD5?
>
> - From the config file:
>
> all=R+haval+gost
> /bin all
>
>
> A few hours later I performed second check, with the same AIDE database and
> config file, there was nothing concerning changes in /usr/bin/smbspool...
>
> What do you mean, is this a security issue and how may be explained?
It might be a security issue, a bug in AIDE, a bug in operatin system or
broken (overclocked?) hardware.
Broken memory have given similar results for me. And yes, I am too lazy to
take the broken memory out of the machine. So I use BadRam 1) patch.
1) http://rick.vanrein.org/linux/badram/
Duke NEMO / C.O.M.A
alias pablo the pallo virolainen
More information about the Aide
mailing list