Date:      Wed, 29 Aug 2001 10:20:31 -0300
From:      Fernan Aguero <fernan@iib.unsam.edu.ar>
To:        FreeBSD Security <freebsd-security@freebsd.org>
Subject:   changed /dev/ttys is this normal?
Message-ID:  <20010829102031.A22076@iib005.iib.unsam.edu.ar>

Hi

I started using tripwire to monitor for changed files on my system.
I noticed that /dev/console and /dev/ttys were changed and the
tripwire report showed the following:

[...]

 Modified object name:  /dev/console
 
  Property:            Expected                    Observed
  -------------        -----------                 -----------
  Object Type          Character Device            Character Device
  Device Number        160768                      160768
  Inode Number         7208                        7208
  Mode                 crw--w--w-                  crw--w--w-
  Num Links            1                           1
* UID                  fernan (1001)               root (0)
  GID                  wheel (0)                   wheel (0)
	
[...]

Modified object name:  /dev/ttyp1
 
  Property:            Expected                    Observed
  -------------        -----------                 -----------
  Object Type          Character Device            Character Device
  Device Number        160768                      160768
  Inode Number         7537                        7537
  Mode                 crw--w----                  crw--w----
  Num Links            1                           1
* UID                  fernan (1001)               root (0)
* GID                  tty (4)                     wheel (0)

[...]

Modified object name:  /dev/ttyp6
 
  Property:            Expected                    Observed
  -------------        -----------                 -----------
  Object Type          Character Device            Character Device
  Device Number        160768                      160768
  Inode Number         7547                        7547
* Mode                 crw-rw-rw-                  crw--w----
  Num Links            1                           1
* UID                  root (0)                    genhum2001 (1000)
* GID                  wheel (0)                   tty (4)


Is this normal? If so, is it safe to change tripwire's policy to
ignore these changes?

Thanks in advance for your help.

Fernan

-- 

|  F e r n a n   A g u e r o  |  B i o i n f o r m a t i c s  |
|   fernan@iib.unsam.edu.ar   |      genoma.unsam.edu.ar      |
