[Aide] Weird AIDE problem

John Farmer jfarmer at iirenergy.com
Thu Mar 31 18:41:00 EEST 2005 

The file does change I made a backup but its so small I guess it doesnt 
really make a difference.  Here is a diff -a of a file before and after the 
heavy io.

*** opensslbackup       Tue Aug 24 09:15:32 2004
--- openssl     Tue Aug 24 09:15:32 2004
*************** X[^Ͷ*** 458,464 ****
   ‰äžèïêÿÿ돃ìPèôvƒìSèôòÿÿƒÄëЃìPè&    èÒåÿÿƒÄ 빍¶!     1Û9óŒÓ  1Û9óŒÔ--- 
458,464 ----
   ‰äžèïêÿÿ돃ìPèôvƒìSèôòÿÿƒÄëЃìPè&    èÒåÿÿƒÄ 
빍¶!     1Û9óŒÓ  1Û9óŒÔ*************** W‹rU‹zSƒìl‹‹h‰$‰l$‹X‹h‰\$‰l$‹X
*** 1300,1306 ****
   ‹œø1Ò÷4™ƒúv4Cûÿ  PVèoÁùÿƒÄƒøvCûÿ  P‹D$,PèÛ¿ùÿƒÄ
Àt4ƒì‹
! P‹D$Pè¿¿ùÿƒÄ
ÀtCûÿ$H‰D$D‰D$@ƒÄ,[^_]é*Áùÿv  ¿‹D$Õ‹WƒÓÑ0RUUè[–ÿÿƒÄ
À„ 
ÿÿÿƒìjW蕬ùÿƒÄ
Àu´é     ÿÿÿƒìhÁ´&
Àº$(90tTƒìhˆ  ÇÐU 
èI}ûÿƒÄëАƒì¡0V
ÀuƒÄÃìhàUjÇ0V--- 1300,1306 ----
   ‹œø1Ò÷4™ƒúv4Cûÿ  PVèoÁùÿƒÄƒøvCûÿ  P‹D$,PèÛ¿ùÿƒÄ
Àt4ƒì‹
! P‹D$Pè¿¿ùÿƒÄ
ÀtCûÿ$H‰D$D‰D$@ƒÄ,[^_]é*Áùÿv  ¿‹D$Õ‹WƒÓÑ0RUUè[–ÿÿƒÄ
À„ 
ÿÿÿƒìjW蕬ùÿƒÄ
Àu´é     ÿÿÿƒìhÁ´&
Àº$(90tTƒìhˆ  ÇÐU 
èI}ûÿƒÄëАƒì¡0V
ÀuƒÄÃìhàUjÇ0V


The file still works if you run it so I dont know really what is going 
on.  This isnt the only file that is changing.  A bunch of other binaries 
are also changing in the same way that the openssl binary is changing.

ssh,ssh-keyscan,h2xs,libnetcfg,sshd,pine,autoexpect,makemap,debugfs


Has anyone else seen anything like this?  I'm completely stumped.



At 12:39 AM 3/31/2005, you wrote:
>On Wed, 23 Mar 2005, John Farmer wrote:
>
> > I'm noticing some strange behavior on our server and I wondered if anyone
> > had seen anything like this before.
> > Here is how it started. On this day:
> >
> > Start timestamp: 2005-03-15 15:00:01
> >
> > File: /usr/local/ssl/bin/openssl
> > MD5 : WJvJGt/2UCv5nHph2RqTpQ== , 0HH05buevntg0SmoSlavvA==
> >
> >
> > So I updated the aide database and then the next day.
> >
> > Start timestamp: 2005-03-16 02:00:02
> >
> > File: /usr/local/ssl/bin/openssl
> > MD5 : 0HH05buevntg0SmoSlavvA== , WPOUrghNI3gE9TDt4DNqXA==
> >
> > So again I updated the aide database:
> > Start timestamp: 2005-03-17 02:00:03
> >
> > File: /usr/local/ssl/bin/openssl
> > MD5 : WPOUrghNI3gE9TDt4DNqXA== , WJvJGt/2UCv5nHph2RqTpQ==
> >
> >
> > So I reloaded it one more time.
> > Start timestamp: 2005-03-17 19:00:01
> > File: /usr/local/ssl/bin/openssl
> >    MD5      : WJvJGt/2UCv5nHph2RqTpQ==          ,
> > 0HH05buevntg0SmoSlavvA==
> >
> >
> >
> > Around 2am and 2pm is when this server is under very heaving IO from doing
> > backups.  The partition with the "changing" files is an EXT3 partition.
> > Anyone have any ideas on why this is happening?
>
>If the file doesn't change in reality, there must be a bug somewhere.
>Might want to try configure switch "--without-mmap".
>
>Duke NEMO / C.O.M.A
>alias pablo the pallo virolainen

More information about the Aide mailing list