[Aide] Strange happenings in the Aide report

[Doug Ledbetter]

Hello!

I'm new to Aide and I'm trying to figure out the best way to use it to help 
protect my server.  I'm running version 0.10.  I've been getting some 
unusual alerts in the report recently.  For example:

File /usr/lib/i386-redhat-linux7/include/rpc/key_prot.h was changed so that 
hash cannot be calculated for it
File /usr/lib/i386-redhat-linux7/include/rpc/key_prot.h in databases has 
different attributes, 228285,3005


I was initially a little concerned since that header file shouldn't be 
changing.  I did some research on the web and found some others that are 
having similar false positives.  Is there a fix for this issue in CVS?  I 
was a little hesitant to install a CVS snapshot since I don't know the 
status.  Suggestions will be appreciated!  :)



Full report follows:

File /usr/share/man/man3/sigtrap.3pm.gz in databases has different 
attributes, 3005,228285
File /usr/lib/i386-redhat-linux7/include/rpc/key_prot.h was changed so that 
hash cannot be calculated for it
File /usr/lib/i386-redhat-linux7/include/rpc/key_prot.h in databases has 
different attributes, 228285,3005
File /usr/src/linux-2.4.21-9.0.1.EL.c0/net/irda/crc.c was changed so that 
hash cannot be calculated for it
File /usr/src/linux-2.4.21-9.0.1.EL.c0/net/irda/crc.c in databases has 
different attributes, 228285,3005
AIDE found differences between database and filesystem!!
Start timestamp: 2005-06-19 04:00:01
Summary:
Total number of files=102418,added files=0,removed files=0,changed files=1

Changed files:
changed:/etc
Detailed information about changes:

Directory: /etc
   Mtime    : 2005-06-15 00:10:33               , 2005-06-19 
00:10:29
   Ctime    : 2005-06-15 00:10:33               , 2005-06-19 
00:10:29




____________________________________________________________

Doug Ledbetter --> dougl at mybetter.com
MyBetter Web Hosting - Budget Web Hosting
http://www.mybetter.com/
PGP Public Key: http://www.mybetter.com/public_key.html