[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

IDS detected smbpasswd modified

Hello, all!

Looking at how samhain was recommended as a pain-free
IDS here, I decided to give it a try. I never had
enough time to configure a IDS properly in the past.
Now samhain seems to work fine and does not appear to
be too difficult at the first sight. Thanks for the

Anyway, samhain detected a problem with /etc/samba/smbpasswd.
Here is what I got suddenly:
CRIT   :  [2005-07-18T13:26:28+0200] msg=<POLICY [ReadOnly] --------T->,
path=</etc/samba/smbpasswd>, ctime_old=<[2005-07-18T09:23:20]>,

Here is the output of stat:
root@horse:/etc/samba# stat smbpasswd
  File: `smbpasswd'
  Size: 106             Blocks: 8          IO Block: 4096   regular file
Device: 301h/769d       Inode: 33636       Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2005-07-18 14:52:40.000000000 +0200
Modify: 2005-01-21 13:54:21.000000000 +0100
Change: 2005-07-18 11:44:55.000000000 +0200

Does anyone have any idea why the ctime would change
so often for a file that is essentially not changing
in any way, especially not the attributes?

Thanks in advance,

Reply to: