Mailinglist Archive: opensuse-security (520 mails)
| < Previous | Next > |
Re: [suse-security] IDS goes off at /etc
- From: Matthias Riese <matthias.riese@xxxxxxxxxxxxx>
- Date: 17 Jul 2002 19:24:34 +0200
- Message-id: <m2sn2ijmi5.fsf@xxxxxxxxx>
"GentooRulez" <paranoiac_user@xxxxxxxxxx> writes:
> and it should not be popper. So offer a wider range of the log prior to
> 22:04, cauze - as roman wrote - e.g.
> a mount cmd ends up with such modified [c|m]times.
The rest of the log around that time +-1 hour also just consists of
qrunner and popper log entries, dropped packages from the firewall
and:
Jul 16 21:59:00 p15089763 /USR/SBIN/CRON[14347]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Jul 16 22:59:00 p15089763 /USR/SBIN/CRON[14612]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
There have been definitely NO mounts or umounts. At least not
regularly each day. Except if any SuSE cron job mounts and umounts
something regularly?
Best regards from Bremen, Mit freundlichen Grüßen aus Bremen,
Matthias Riese
> and it should not be popper. So offer a wider range of the log prior to
> 22:04, cauze - as roman wrote - e.g.
> a mount cmd ends up with such modified [c|m]times.
The rest of the log around that time +-1 hour also just consists of
qrunner and popper log entries, dropped packages from the firewall
and:
Jul 16 21:59:00 p15089763 /USR/SBIN/CRON[14347]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Jul 16 22:59:00 p15089763 /USR/SBIN/CRON[14612]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
There have been definitely NO mounts or umounts. At least not
regularly each day. Except if any SuSE cron job mounts and umounts
something regularly?
Best regards from Bremen, Mit freundlichen Grüßen aus Bremen,
Matthias Riese
| < Previous | Next > |