Old 06-29-2005   #1 (permalink)
Just Joined!
 
Join Date: Jan 2005
Location: Germany
Posts: 69
AIDE found differences between database and files in dev directory!!

Hi,
AIDE found differences between database and files in dev directory!!
I am almost sure that it wasn't a hack. How could the ctime of some files in dev be changed? What program could do that?

As far as I know: The ctime--change time--is the time when changes were made to the file or directory's inode (owner, permissions, etc.).

All files that were changed represent devices that I am not using (sound, scanner, mic, usb). This is a server without a graphical interface installed, locked in a room (no one had physical access yesterday at 15:55:36) and no one has tried to access/install these devices.

Ex: File: /dev/usb/scanner14
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

The ctime of all files was changed at the same time (2005-06-28 15:55:36). I also don't know why the old ctime was 2005-06-21 15:16:24. Nothing special happened on 2005-06-21 15:16:24 but AIDE wasn't installed on 2005-06-21 15:16:24 so I couldn't notice that.



What do you think? Should I worry?


Here are some lines from AIDE report:

File: /dev/audio1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/audioctl
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/dsp
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fd0CompaQ
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/dsp1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/dsp56k
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb10
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb20
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb21
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb22
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb23
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb24
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb25
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb26
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb27
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb28
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb29
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/fb3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi00
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi01
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi02
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi03
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/midi3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/mixer
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/mixer1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/ptmx
Mtime : 2005-06-27 17:13:59 , 2005-06-28 17:33:37

File: /dev/radio0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/radio1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/radio2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/radio3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/sequencer
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/dc2xx0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/dc2xx1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/dc2xx10
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner14
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner15
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner4
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner5
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner6
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/usb/scanner7
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
ddaas

Old 07-05-2005   #2 (permalink)
Linux Guru
 
Join Date: Oct 2001
Location: Täby, Sweden
Posts: 7,578
Well, that's what udev does. Its entire purpose is to update /dev nodes whenever the kernel gets a hotplug event.
Dolda2000
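
An added example, not part of either post: a small parser for the report layout quoted in the question that groups changes by attribute and by old/new value pair, so one bulk event (such as the udev update described in the answer) is separated from one-off changes like the `/dev/ptmx` Mtime entry. The function names and the `bulk_threshold` value are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the "File: / Attribute : old , new" layout from the thread.
SAMPLE_REPORT = """\
File: /dev/audio1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36

File: /dev/ptmx
Mtime : 2005-06-27 17:13:59 , 2005-06-28 17:33:37

File: /dev/usb/scanner14
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
"""

FILE_RE = re.compile(r"^File:\s*(\S+)\s*$")
ATTR_RE = re.compile(r"^(\w+)\s*:\s*(.+?)\s+,\s+(.+?)\s*$")

def parse_report(text):
    """Yield (path, attribute, old, new) for every changed attribute line."""
    path = None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            continue
        m = ATTR_RE.match(line)
        if m and path:  # attribute lines before any "File:" line are ignored
            yield (path, m.group(1), m.group(2), m.group(3))

def cluster(changes):
    """Group paths that share the same attribute and old/new value pair."""
    groups = defaultdict(list)
    for path, attr, old, new in changes:
        groups[(attr, old, new)].append(path)
    return dict(groups)

def triage(text, bulk_threshold=3):
    """Split clusters into bulk events and outliers that need a manual look."""
    bulk, outliers = {}, {}
    for key, paths in cluster(parse_report(text)).items():
        (bulk if len(paths) >= bulk_threshold else outliers)[key] = paths
    return bulk, outliers
```

A large cluster with one shared timestamp points to a single operation touching many nodes at once; the outliers are the entries to compare against system logs for that time.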