strange AIDE reports

To: <debian-security@lists.debian.org>
Subject: strange AIDE reports
From: Juha Jäykkä <juolja@utu.fi>
Date: Mon, 24 Sep 2001 14:02:49 +0300 (EET DST)
Message-id: <[🔎] Pine.SOL.4.30.0109241358080.24547-100000@alya.utu.fi>

  I keep receiving strange reports from AIDE. The number of changed
files increases monotonically daily and the affair started immediately
after installation, so I doubt there has been a break-in - unless
someone managed to spoof my DNS queries or hijack my connections to
ftp.fi.debian.org. Aside from the understandable (are they, really?)
changes in Ctimes of /dev/xconsole and /dev/tty*, I get the following
(for example):
File: /usr/bin/splay
MD5: old = nuNALnPFG98QSxxAeJ2rZw== , new = hBi7I+KhEOWW5mfSciXJlg==
SHA1: old = 3lpox5dX50hvj3p6z0nyZ/cshFg= , new = mFPQd21+i8fF2LQJVZLitJZFx2U=

File: /usr/lib/Amaya/applis/bin/amaya
MD5: old = IQwcW65xdJIoC3/pAh6P8A== , new = 2HG/njXLRrF1GTp7Rd3EVw==

  The software versions are (all are unstable/i386):
Package: aide
Version: 0.7-10

Package: splay
Version: 0.9.5.1-3

Package: amaya
Version: 5.1-1

  Any ideas except a break-in?

-- 
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------

Reply to:

Follow-Ups:
- Re: strange AIDE reports
  - From: vegard@engen.priv.no (Vegard Engen)

Prev by Date: RE: New IIS worm
Next by Date: Re: strange AIDE reports
Previous by thread: Subject!
Next by thread: Re: strange AIDE reports
Index(es):
- Date
- Thread