[Aide] Aide alerts - Aide detects files added that are already present on the Filesystem
Marc Haber
mh+aide at zugschlus.de
Sat Jun 16 11:20:30 EEST 2018
On Fri, Jun 15, 2018 at 04:03:18PM -0700, M D wrote:
> I am using an ARM based environment with a NAND Flash using a JFFS2 filesystem.
>
> I have aide configured with p+i+u+n+s for /root
>
> 1) I observe in some instances that files that are already present are
> detected as added.
> 2) In some cases, the same file is detected as added and removed
> 3) In some cases, I observe database read errors such as
> gzread() failed: gzerr=: Input/output error!
This is usually a sign of filesystem corruption or a hardware issue.
Are you sure your system is ok?
> f++++++++++++: /lib/modules/kernel/drivers/net/usb/cdc_ncm.ko
> f------------: /lib/modules//kernel/drivers/net/usb/cdc_ncmnko
That's not the same file. Since the file cdc_ncmnko is reported as
"removed", I suspect that there was a bit flip in the database.
n is 0x6e 01101110
. is 0x2e 00101110
So this is a clear bit flip. I'd distrust the system here.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
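
The by-hand comparison in the reply above (`n` is 0x6e, `.` is 0x2e) can be automated. The following is an added example, not part of the original message and not AIDE's own code: it pairs "added" and "removed" report entries whose paths differ by exactly one bit. The function names and the sample report lines are constructed for illustration, modelled on the entry format quoted in the message.

```python
import re

# Matches AIDE report entries such as "f++++++++++++: /path" (added)
# or "f------------: /path" (removed), in the format quoted in the message.
ENTRY = re.compile(r"^(\S)([+-]+): (.+)$")

def parse_report(lines):
    """Split report lines into (added_paths, removed_paths)."""
    added, removed = [], []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        flags, path = m.group(2), m.group(3)
        if set(flags) == {"+"}:
            added.append(path)
        elif set(flags) == {"-"}:
            removed.append(path)
    return added, removed

def bit_distance(a: bytes, b: bytes):
    """Number of differing bits, or None when the lengths differ."""
    if len(a) != len(b):
        return None
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def find_single_bit_flips(lines):
    """Pair removed and added paths that differ by exactly one bit."""
    added, removed = parse_report(lines)
    hits = []
    for r in removed:
        for a in added:
            ab, rb = a.encode(), r.encode()
            if bit_distance(ab, rb) == 1:
                # Exactly one bit differs, so exactly one byte differs.
                off = next(i for i, (x, y) in enumerate(zip(ab, rb)) if x != y)
                hits.append({"added": a, "removed": r, "offset": off,
                             "added_byte": ab[off], "removed_byte": rb[off]})
    return hits

# Constructed sample report lines (not taken from a real system).
SAMPLE = [
    "f++++++++++++: /lib/modules/kernel/drivers/net/usb/cdc_ncm.ko",
    "f------------: /lib/modules/kernel/drivers/net/usb/cdc_ncmnko",
    "f++++++++++++: /root/new_script.sh",
    "f------------: /root/old_notes.txt",
]
```

A non-empty result means the "added" and "removed" entries are very likely the same file with a corrupted name in the database or report, which points at storage or memory faults rather than at a real file change.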