
Re: strange AIDE reports



>   Of course, but every time I run apt, I run aide --update, too, and
> move the aide.db.new to aide.db. Besides this started right after
> installation - before installing anything new.

  Silly to reply to myself, but I had a series of strange crashes:
kswapd went defunct and after that pretty much nothing worked, as
might be guessed, including 'shutdown -r now'. Did not have SysRQ
built into the kernel... So, I presumed that these might have something to
do with my setting some drive parameters with hdparm (my drive insists
on starting up in pio4 mode though both the chipset and the drive can
do udma2 - Seagate claims the drive can do udma4, but I now doubt it
since IBM claims its ata100-drives can do only udma4 and this old drive
certainly is not ata100). So, I reduced my drive setting to udma2.
This stopped the crashes, but did not help aide:
  I ran, sequentially:
aide --init
mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
aide --check
  and got:
Changed files:
changed:/usr/bin/ddd
changed:/usr/sbin
changed:/usr/lib
changed:/usr/lib/netscape/477/communicator/communicator-smotif.real
changed:/usr/lib/librecode.so.0.0.0
changed:/usr/lib/mozilla/components/libgkcontent.so
changed:/usr/lib/mozilla/components/libmsgimap.so

  I guarantee, mozilla was not running, netscape was not running and
lsof (right after aide --check) did not report librecode.so.0.0.0 as
open. I would be worried if aide reported some sensitive files (ddd or
/usr/sbin could be regarded sensitive) as changed, but these files seem
totally random! After this, I reran 'aide --check' and got a segfault.
Repeat as many times as I would, every run segfaulted... Aide broken?
Aide version is sid's: 0.7-10.

-- 
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------
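
One way to check whether files that AIDE flags straight after `aide --init` are simply being read inconsistently, as an added example that is not part of the original message: it takes the `changed:` lines of a report and hashes each regular file several times. The function names and the `HASH` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: re-read the files an AIDE report
# lists as changed and see whether their digests are reproducible.
HASH=${HASH:-sha256sum}   # assumption: any checksum tool that reads stdin works

# Print the paths from the "changed:<path>" lines of an AIDE report on stdin.
changed_paths() {
    sed -n 's/^changed://p'
}

# Hash file $1 $2 times (default 3). Prints "stable" if every pass gives the
# same digest, "unstable" if two passes disagree, "unreadable" on a read error.
read_stability() {
    first=""
    i=0
    while [ "$i" -lt "${2:-3}" ]; do
        sum=$($HASH 2>/dev/null < "$1") || { echo unreadable; return 0; }
        if [ -z "$first" ]; then first=$sum; fi
        if [ "$sum" != "$first" ]; then echo unstable; return 0; fi
        i=$((i + 1))
    done
    echo stable
}

# Read a report on stdin and print "<verdict> <path>" for each regular file.
# Directories are skipped: they have no content digest to re-read.
check_report() {
    changed_paths | while IFS= read -r path; do
        [ -f "$path" ] || continue
        printf '%s %s\n' "$(read_stability "$path")" "$path"
    done
}

# Constructed sample: a scratch file and directory stand in for the report.
demo_dir=$(mktemp -d)
echo "sample data" > "$demo_dir/lib.so"
printf 'Changed files:\nchanged:%s\nchanged:%s\n' "$demo_dir" "$demo_dir/lib.so" |
    check_report
rm -rf "$demo_dir"
```

Repeated reads are normally served from the page cache, so a "stable" verdict only shows that the cached copy is consistent. An "unstable" verdict on a file nobody is writing to points at storage or memory trouble rather than at a modified file.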


