IDS detected smbpasswd modified
\ Albert Dorofeev (18 Jul 2005)
. \ Mirco Bauer (19 Jul 2005)
. . \ Albert Dorofeev (19 Jul 2005)

Subject: IDS detected smbpasswd modified
Group: Debian-security
From: Albert Dorofeev
Date: 18 Jul 2005


 
Hello, all!

Looking at how samhain was recommended as a pain-free
IDS here, I decided to give it a try. I never had
enough time to configure an IDS properly in the past.
Now samhain seems to work fine and does not appear to
be too difficult at first sight. Thanks for the
recommendation.

Anyway, samhain detected a problem with /etc/samba/smbpasswd.
Here is what I got suddenly:
CRIT : [2005-07-18T13:26:28+0200] msg=<POLICY [ReadOnly] --------T->,
path=</etc/samba/smbpasswd>, ctime_old=<[2005-07-18T09:23:20]>,
ctime_new=<[2005-07-18T09:44:55]>,

Here is the output of stat:
root@horse:/etc/samba# stat smbpasswd
File: `smbpasswd'
Size: 106 Blocks: 8 IO Block: 4096 regular file
Device: 301h/769d Inode: 33636 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2005-07-18 14:52:40.000000000 +0200
Modify: 2005-01-21 13:54:21.000000000 +0100
Change: 2005-07-18 11:44:55.000000000 +0200

Does anyone have any idea why the ctime would change
so often for a file that is essentially not changing
in any way, especially not the attributes?

Thanks in advance,
Albert
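
As an added example (not part of the original post and not samhain's own code), a short Python triage of the report line and stat output quoted in the message above: it parses the key=<value> fields, compares the reported ctime with stat's Change time, and checks whether mtime moved. It assumes samhain's ctime fields are UTC, which the two-hour gap from stat's +0200 output suggests; all function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Report line and stat timestamps copied from the message above.
LOG = ("CRIT : [2005-07-18T13:26:28+0200] msg=<POLICY [ReadOnly] --------T->, "
       "path=</etc/samba/smbpasswd>, ctime_old=<[2005-07-18T09:23:20]>, "
       "ctime_new=<[2005-07-18T09:44:55]>,")
STAT = {"Modify": "2005-01-21 13:54:21.000000000 +0100",
        "Change": "2005-07-18 11:44:55.000000000 +0200"}

def parse_report(line):
    """Return the key=<value> fields of one report line as a dict."""
    return dict(re.findall(r"(\w+)=<(.*?)>(?=,|$)", line))

def log_time(value):
    """Parse '[YYYY-MM-DDTHH:MM:SS]'; treated as UTC (assumption, see lead-in)."""
    naive = datetime.strptime(value.strip("[]"), "%Y-%m-%dT%H:%M:%S")
    return naive.replace(tzinfo=timezone.utc)

def stat_time(value):
    """Parse a stat(1) timestamp, dropping the nanosecond field strptime rejects."""
    return datetime.strptime(re.sub(r"\.\d+", "", value), "%Y-%m-%d %H:%M:%S %z")

def triage(line, stat):
    """Cross-check one ctime report against stat output for the same file."""
    rep = parse_report(line)
    old, new = log_time(rep["ctime_old"]), log_time(rep["ctime_new"])
    mtime, ctime = stat_time(stat["Modify"]), stat_time(stat["Change"])
    return {
        "path": rep["path"],
        # True when the report and stat describe the same inode change.
        "log_matches_stat": new == ctime,
        # ctime moves on any inode change (chmod, chown, link, rename, write);
        # mtime moves only on a write or an explicit utime call.
        "mtime_advanced": mtime > old,
        "ctime_delta_s": int((new - old).total_seconds()),
    }

if __name__ == "__main__":
    for key, value in triage(LOG, STAT).items():
        print(f"{key}: {value}")
```

With mtime still in January and only ctime moving, the report and the stat output agree on an inode-level change rather than a write to the file.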