From owner-freebsd-security Sat Aug 8 20:25:06 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA03607 for freebsd-security-outgoing; Sat, 8 Aug 1998 20:25:06 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.camalott.com ([208.203.140.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA03588; Sat, 8 Aug 1998 20:25:00 -0700 (PDT) (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-97.camalott.com [208.229.74.97]) by mail.camalott.com (8.8.7/8.8.5) with ESMTP id WAA29974; Sat, 8 Aug 1998 22:25:29 -0500
Received: (from joelh@localhost) by detlev.UUCP (8.8.8/8.8.8) id WAA18897; Sat, 8 Aug 1998 22:24:04 -0500 (CDT) (envelope-from joelh)
Date: Sat, 8 Aug 1998 22:24:04 -0500 (CDT)
Message-Id: <199808090324.WAA18897@detlev.UUCP>
To: brett@lariat.org
CC: dima@best.net, dg@root.com, roberto@keltia.freenix.fr, FreeBSD-security@FreeBSD.ORG, hackers@FreeBSD.ORG
In-reply-to: <199808080641.AAA16434@lariat.lariat.org> (message from Brett Glass on Sat, 08 Aug 1998 00:40:49 -0600)
Subject: Re: Does this mean we have another breakin?
From: Joel Ray Holveck
Reply-to: joelh@gnu.org
References: <199808080135.SAA00798@implode.root.com> <199808080641.AAA16434@lariat.lariat.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> We usually get this bug once in two weeks. But since file by itself
>> stays the same and machine doesn't crash, fixing/finding the problem
>> wasn't in our TODO list.

> The MD5 of the file stayed the same, and diff reveals no change. But
> we can't turn off the alarm that's triggered by the date change in
> /usr/sbin without potentially missing breakins, so our two new admins
> are constantly getting scary messages.

grep out what you're ignoring?

Happy hacking,
joelh

--
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped
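
An added example, not part of the original message: one way to filter the report as suggested above so that a date-only change on a known file is dropped while a checksum change on the same file still alarms. The snapshot format (`path md5 mtime` per line), the ignore list, the function names and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed snapshot format, one file per line: "<path> <md5> <mtime>"

# filter_alarms BASELINE CURRENT IGNORE_LIST
# Prints one alarm per changed path. An mtime-only change is suppressed only
# for paths in IGNORE_LIST; a checksum change is never suppressed.
filter_alarms() {
    awk '
        FILENAME == ARGV[1] { ignore[$1] = 1; next }               # ignore list
        FILENAME == ARGV[2] { sum[$1] = $2; mtime[$1] = $3; next } # baseline
        { seen[$1] = 1 }                                           # current snapshot
        !($1 in sum)   { print "NEW " $1; next }
        sum[$1] != $2  { print "CONTENT " $1; next }
        mtime[$1] != $3 && !($1 in ignore) { print "MTIME " $1 }
        END { for (p in sum) if (!(p in seen)) print "MISSING " p }
    ' "$3" "$1" "$2" | sort
}

# Constructed sample data: placeholder checksums, hypothetical file names.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '/usr/sbin/alpha md5-a 1000' \
        '/usr/sbin/beta md5-b 1000' \
        '/usr/sbin/gamma md5-c 1000' > "$d/baseline"
    printf '%s\n' \
        '/usr/sbin/alpha md5-a 2000' \
        '/usr/sbin/beta md5-x 2000' \
        '/usr/sbin/gamma md5-c 2000' \
        '/usr/sbin/delta md5-d 2000' > "$d/current"
    # alpha and beta are both "ignored"; beta must still alarm on content.
    printf '%s\n' '/usr/sbin/alpha' '/usr/sbin/beta' > "$d/ignore"
    filter_alarms "$d/baseline" "$d/current" "$d/ignore"
    rm -rf "$d"
}

demo
```

A plain `grep -v` on the file name would also have hidden the `CONTENT` alarm for `/usr/sbin/beta`.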