Re: samhain reloads config
On Sun, Apr 22, 2007 at 10:42:50AM -0400, Michael Pobega wrote:
> On Sun, Apr 22, 2007 at 09:28:48AM -0400, Douglas Allan Tutty wrote:
> > Recently, I started getting messages like this:
> >
> > -----BEGIN MESSAGE-----
> > [2007-04-22T09:17:59-0400] 192.168.1.1
> > CRIT : [2007-04-22T07:24:49-0400] msg=<Runtime configuration reloaded>
> > -----BEGIN SIGNATURE-----
> > E1D70138C6594A219EEA319A19F3E7695562DB63D854C880
> > 000001 1177240614::192.168.1.1
> > -----END MESSAGE-----
> >
> > I didn't reload it. The computer is sitting here rsyncing Etch CD1 over
> > the dial-up link (only 28 hrs to go!).
> >
> > Any idea what causes this and should I be concerned?
>
> Looks like PGP signatures to me. I'm not sre if that means there is
> anything wrong, but all I know it is is definitely some sort of
> authentication signature, but what is it to? Are you netinstalling the
> packages or what?
Samhain is a file integrity checker (similar to integrit or tripwire)
that periodically verifies (by stored signatures) installed files. For
example, during an aptiutde update or package install, samhain will
email me a warning about changing files (or addition to monitored
directories). After the packages are installed, I tell samhain to
update its package signatures.
What this particular error is indicating is that something caused
samhain to reload its configuration. Samhain itself signes its emails;
that's the PGP signatures you're seeing.
The question is what caused samhain to reload its config.
Thanks,
Doug.
Reply to: