Results 1 to 2 of 2
Hi,
AIDE found differences between database and files in dev directory!!
I am almost sure that it wasn't a hack. How could the ctime of some files in dev be ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-29-2005 #1Just Joined!
- Join Date
- Jan 2005
- Location
- Germany
- Posts
- 69
AIDE found differences between database and files in dev directory!!
Hi,
AIDE found differences between database and files in dev directory!!
I am almost sure that it wasn't a hack. How could the ctime of some files in dev be changed? What program could do that?
As far as I know: The ctime--change time--is the time when changes were made to the file or directory's inode (owner, permissions, etc.).
All files that were changed represent devices that I am not using (sound, scanner, mic, usb). This is a server without graphical interface installed, locked in a room (no one had physical access yesterday at 15:55:36) and no one has tried to access/install there devices.
Ex: File: /dev/usb/scanner14
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
The ctime of all files was changed at the same time (2005-06-28 15:55:36 ). I also don�t know why the old ctime was 2005-06-21 15:16:24. Nothing special happened on 2005-06-21 15:16:24 but AIDE wasn�t installed on 2005-06-21 15:16:24 so I couldn�t notice that.
What do you think? Should I worry?
Here are some lines from AIDE report:
File: /dev/audio1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/audioctl
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/dsp
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fd0CompaQ
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/dsp1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/dsp56k
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb10
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb20
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb21
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb22
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb23
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb24
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb25
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb26
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb27
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb28
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb29
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/fb3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi00
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi01
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi02
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi03
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/midi3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/mixer
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/mixer1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/ptmx
Mtime : 2005-06-27 17:13:59 , 2005-06-28 17:33:37
File: /dev/radio0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/radio1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/radio2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/radio3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/sequencer
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/dc2xx0
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/dc2xx1
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/dc2xx10
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner14
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner15
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner2
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner3
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner4
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner5
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner6
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
File: /dev/usb/scanner7
Ctime : 2005-06-21 15:16:24 , 2005-06-28 15:55:36
- 07-04-2005 #2Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Well, that's what udev does. Its entire purpose is to update /dev nodes whenever the kernel gets a hotplug event.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
