
<html><body><p class="MsoNormal">Need advice/opinion on this issue.  Thanks in

      advance.</p>

    <p class="MsoNormal">Customer is concerned (as am I) that daily

      reports show the same file as "changed' when in reality, it has

      not changed in weeks.</p>

    <p class="MsoNormal">BACKGROUND:  Modified AIDE configuration is

      used as an “Auditing tool” for file integrity and is used for

      contracted periodic outside Auditors.</p>

    <p class="MsoNormal">I suspect this finding is caused by the setting

      of the file permissions.  However, I could be very wrong. But that

      is the only thing I see that seems "out of the ordinary."</p>

    <p class="MsoNormal">The Daily AIDE result findings shows a “C”

      which the aide.conf (5) man page states is a checksum difference

      finding.</p>

    <p class="MsoNormal">================================================================</p>

    <p class="MsoNormal">File in question:  (full path redacted) 

      /XXX/XXX/scripts/setup_env.sh</p>

    <p class="MsoNormal">-r-xr-x---. 1 project dev 4841 Jan 26 12:00

      setup_env.sh</p>

    <p class="MsoNormal">Date of this report/AIDE check:</p>

    <p class="MsoNormal">audit-2026-02-09_03:35:02.txt</p>

    <p class="MsoNormal">Contents of report: (which are repeated daily)</p>

    <p class="MsoNormal">Start timestamp: 2026-02-09 03:35:04 +0000

      (AIDE 0.16)</p>

    <p class="MsoNormal">AIDE found differences between database and

      filesystem!!</p>

    <p class="MsoNormal">Verbose level: 20</p>

    <p class="MsoNormal">Summary:</p>

    <p class="MsoNormal">  Total number of entries:      36</p>

    <p class="MsoNormal">  Added entries:                0</p>

    <p class="MsoNormal">  Removed entries:              0</p>

    <p class="MsoNormal">  Changed entries:              1</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">Changed entries:</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">f   ...    .C.. :

      /XXX/XXX/scripts/setup_env.sh</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">Detailed information about changes:</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">File: /XXX/XXX/scripts/setup_env.sh</p>

    <p class="MsoNormal">  SHA256   : y5GG64O1+gKA/rNSVySZpKdy3cn4pkm4 |

      YKmFstRIVnlo8V6X+2QqPyaudN4HTsgs</p>

    <p class="MsoNormal">             /t/xwNytP8w=                     |

      orwc+rgq2Ic=</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">The attributes of the (uncompressed)

      database(s):</p>

    <p class="MsoNormal">---------------------------------------------------</p>

    <p class="MsoNormal">/XXX/XXX/XXX/scripts/audit-daily/base_initfiles/aide.db.gz</p>

    <p class="MsoNormal">  SHA1     : cuhD06PS920kSibgfVSRTqZWnAw=</p>

    <p class="MsoNormal">  SHA256   : i6+pXcecIDLyXvb/JOpjrcKEDNs1YEZo</p>

    <p class="MsoNormal">             Hk0gmxC6Gac=</p>

    <p class="MsoNormal">  SHA512   : ta1tUDRZIfuZuBklRh46L8rCNnoKyD1R</p>

    <p class="MsoNormal">             uQ9xMGG1c+AAmaYIyGF1M4rY0AxkStqY</p>

    <p class="MsoNormal">             H0OWxF1M2P1akR/2eceMTg==</p>

    <p class="MsoNormal">End timestamp: 2026-02-09 03:35:04 +0000 (run

      time: 0m 0s)</p>

    <p class="MsoNormal">V/R</p>

    <p class="MsoNormal">John Jamerson</p>

    <p class="MsoNormal">Senior Unix Admin</p>

    <p class="MsoNormal"><br>

    </p>

    <p class="MsoNormal"> </p>

    <p class="MsoNormal"> </p>

    <p></p>

    <p><br>

    </p></body></html>