[Aide] Aide alerts - Aide detects files added that are already present on the Filesystem

M D dsmm4444 at gmail.com
Mon Jun 18 19:38:08 EEST 2018


Thank you for the explanation of the bit flip. I initially dismissed
it as some typo in the report that aide generated. I will check the
status of the filesystem.

Thank you once again very much.

Regards,
Max

On Sat, Jun 16, 2018 at 1:20 AM, Marc Haber <mh+aide at zugschlus.de> wrote:
> On Fri, Jun 15, 2018 at 04:03:18PM -0700, M D wrote:
>> I am using an ARM based environment with a NAND Flash using a JFFS2 filesystem.
>>
>> I have aide configured with p+i+u+n+s for /root
>>
>> 1) I observe in some instances that files that are already present are
>> detected as added.
>> 2) In some cases, the same file is detected as added and removed
>> 3) In some cases, I observe database read errors such as
>> gzread() failed: gzerr=: Input/output error!
>
> This is usually a sign of filesystem corruption or a hardware issue.
> Are you sure your system is ok?
>
>> f++++++++++++: /lib/modules/kernel/drivers/net/usb/cdc_ncm.ko
>> f------------: /lib/modules//kernel/drivers/net/usb/cdc_ncmnko
>
> That's not the same file. Since the file cdc_ncmnko is reported as
> "removed", I suspect that there was a bit flip in the database.
>
> n is 0x6e 01101110
> . is 0x2e 00101110
>
> So this is a clear bit flip. I'd distrust the system here.
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
> _______________________________________________
> Aide mailing list
> Aide at ipi.fi
> https://www.ipi.fi/mailman/listinfo/aide
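
The bit-flip comparison from the quoted reply can be automated. This is an added example, not code from the thread or from the AIDE project: it pairs each "added" entry with a "removed" entry whose path differs by exactly one bit. It assumes report lines in the form quoted above and collapses repeated slashes before comparing; the function names are hypothetical.

```python
import re
from itertools import product

# Constructed input: the two report lines quoted in the thread above.
SAMPLE_REPORT = """\
f++++++++++++: /lib/modules/kernel/drivers/net/usb/cdc_ncm.ko
f------------: /lib/modules//kernel/drivers/net/usb/cdc_ncmnko
"""

# One type character, a run of '+' (added) or '-' (removed), then the path.
ENTRY = re.compile(r"^[a-zA-Z?]([+-])\1+: (.+)$")


def parse_report(text):
    """Return (added, removed) path lists from report lines of the quoted form."""
    added, removed = [], []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Assumption: collapse repeated slashes so paths compare byte for byte.
            path = re.sub(r"/+", "/", m.group(2))
            (added if m.group(1) == "+" else removed).append(path)
    return added, removed


def single_bit_diff(a, b):
    """Return (offset, byte_a, byte_b) if a and b differ in exactly one bit, else None."""
    x, y = a.encode(), b.encode()
    if len(x) != len(y):
        return None
    diffs = [(i, p, q) for i, (p, q) in enumerate(zip(x, y)) if p != q]
    if len(diffs) != 1:
        return None
    i, p, q = diffs[0]
    # Exactly one set bit in the XOR means a single flipped bit.
    return (i, p, q) if bin(p ^ q).count("1") == 1 else None


def find_bit_flips(text):
    """Pair each added path with every removed path that is one bit away from it."""
    added, removed = parse_report(text)
    hits = []
    for a, r in product(added, removed):
        d = single_bit_diff(a, r)
        if d:
            hits.append((a, r, *d))
    return hits


if __name__ == "__main__":
    for a, r, off, pa, pr in find_bit_flips(SAMPLE_REPORT):
        print(f"{a} vs {r}: byte {off} 0x{pa:02x} <-> 0x{pr:02x}")
```

A hit means the database or the medium it was read from should be distrusted, not that the file itself changed.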

