[CentOS] Changes to inodes discovered by aide

Thu, 27 Sep 2012 19:04:07 -0700 

Hi.

On one of my servers aide just reported inode changes to a large bunch of files 
in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits 
behind a couple of firewalls and it would be hard to get to.

The day before I updated "clam*" and updated the aide database right after that:

  -rw-------  1 root root 7407412 Sep 26 10:58 aide.db.gz


The problem was that the changes were made when no-one was in the office, here 
are a few:

   Directory: /usr/sbin
     Mtime    : 2012-09-26 10:55:15              , 2012-09-27 06:36:42
     Ctime    : 2012-09-26 10:55:15              , 2012-09-27 06:36:42
   File: /usr/sbin/wpa_supplicant
     Ctime    : 2012-09-07 06:39:44              , 2012-09-27 06:36:40
     Inode    : 2490595                          , 2490536
     MD5      : IVNJESmXwIG9XY0MowL3CA==         , DUQMpFMsKqlZgjOmJIp3OQ==
     RMD160   : 4xuWhqqliTLM5Jx6zAvQ9f1PY1c=     , AlSPQGiVe+/T8YdHDSIypI904kA=
     SHA256   : OaUWNIGUS9AhXEjV3p8Cg4TeIEjuQ/tu , 
z1c9XCKVyjDzDuN7t32B+sbj6nil90TK
   File: /usr/sbin/clamav-milter
     Size     : 202453                           , 206637
     Ctime    : 2012-09-26 10:55:15              , 2012-09-27 06:36:37
     Inode    : 2490507                          , 2490625
     MD5      : HoONWy9q+qbRzHtlTeR6Wg==         , klWTxNFmL8MEAQmIPwvHxg==
     RMD160   : lfa72Vrh6Q2DWjf+UIxREAK4V1Y=     , MPbEoKH/ws3aWA+sBuycRvU9DP0=
     SHA256   : aFRvKcA999IPRFJ2qByu8aKB6QmHpW5i , 
u0oTtBkHjchhlY8AIejOfKPoJRencpmK


Yum does not report anything (last 4 lines os yum.log)

   Sep 21 10:40:11 Installed: ghostscript-fonts-5.50-13.1.1.noarch
   Sep 26 10:55:14 Updated: clamav-0.97.6-1.el5.rf.x86_64
   Sep 26 10:55:15 Updated: clamd-0.97.6-1.el5.rf.x86_64
   Sep 26 10:55:15 Updated: clamav-milter-0.97.6-1.el5.rf.x86_64

I ran (a fresh install) of rkhunter, did not find a thing ... 

Is it possible that a change to one file sets of a domino effect of indode 
changes?


thanks
Jobst




-- 
Diplomacy: The art of saying, "Nice Doggy," until you can find a stick.

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Reply via email to