From owner-freebsd-security Sat May 4 15:29:09 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id PAA06446 for security-outgoing; Sat, 4 May 1996 15:29:09 -0700 (PDT) Received: from mail.vividnet.com (mail.vividnet.com [206.149.144.3]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id PAA06441 for ; Sat, 4 May 1996 15:29:04 -0700 (PDT) Received: from taurus.vividnet.com (postmaster@mail.vividnet.com) by mail.vividnet.com (8.7.4/8.7.5) with ESMTP id PAA00984; Sat, 4 May 1996 15:26:56 -0700 (PDT) Received: (postmaster@taurus.vividnet.com) by taurus.vividnet.com (8.7.4/8.6.9) id PAA10008; Sat, 4 May 1996 15:30:36 -0700 (PDT) Date: Sat, 4 May 1996 15:30:36 -0700 (PDT) From: Brian Wang To: jamie cc: freebsd-security@FreeBSD.ORG Subject: Re: Weird system security output In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 4 May 1996, jamie wrote: > > Just last night, I'm having the same problem described above again > > (It occured couple of times before). Somehow, the date stamp gets altered > > for no reason...a compromised system? Again, checking the binary file > > from the backup/cdrom yielded nothing. The following is a nightly > > security check output from one of our server. Is there a rational > > explanation for this? Thanks in advance for any help/answer! > > > I have had this happen and have rationalized it, but I'm not sure if it > is a cause. I always thought that it was because of the sup process > adding new files and updating current ones. If I'm dead wrong please > correct me. We never sup...not even once yet. Our servers are running off stock FreeBSD2.1 release.