Files changing in /lib/modules
This is a discussion on Files changing in /lib/modules within the Linux Security forums, part of the System Security and Security Related category; Hello all, According to an AIDE report I recieved this morning, in the past 24 hours the following files have ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-28-2005
|
|||
|
|||
Files changing in /lib/modules
Hello all,
According to an AIDE report I recieved this morning, in the past 24 hours the following files have changed. changed:/lib/modules/2.4.27-penguin/modules.dep changed:/lib/modules/2.4.27-penguin/modules.generic_string changed:/lib/modules/2.4.27-penguin/modules.pcimap changed:/lib/modules/2.4.27-penguin/modules.isapnpmap changed:/lib/modules/2.4.27-penguin/modules.usbmap changed:/lib/modules/2.4.27-penguin/modules.parportmap changed:/lib/modules/2.4.27-penguin/modules.ieee1394map changed:/lib/modules/2.4.27-penguin/modules.pnpbiosmap Is this something I should worry about? All files have the exact same timestamp on them and thats all that changed (see below). There are no other signs of intrusion, rkhunter and chkrootkit return false. No user accounts have been added, no suspicious process/network services. Is anyone able to alleviate my concerns? [Relevant output of 'aide --check'] File: /lib/modules/2.4.27-penguin/modules.dep Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.generic_string Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.pcimap Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.isapnpmap Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.usbmap Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.parportmap Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.ieee1394map Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 File: /lib/modules/2.4.27-penguin/modules.pnpbiosmap Mtime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 Ctime : 2005-11-11 03:02:06 , 2005-11-28 22:30:32 -- Jon 
|
|
11-29-2005
|
|||
|
|||
|
Re: Files changing in /lib/modules
Jon wrote:
> Hello all, > > According to an AIDE report I recieved this morning, in the past 24 hours > the following files have changed. > > changed:/lib/modules/2.4.27-penguin/modules.dep > changed:/lib/modules/2.4.27-penguin/modules.generic_string > changed:/lib/modules/2.4.27-penguin/modules.pcimap > changed:/lib/modules/2.4.27-penguin/modules.isapnpmap > changed:/lib/modules/2.4.27-penguin/modules.usbmap > changed:/lib/modules/2.4.27-penguin/modules.parportmap > changed:/lib/modules/2.4.27-penguin/modules.ieee1394map > changed:/lib/modules/2.4.27-penguin/modules.pnpbiosmap > Have a look at /etc/prelink.conf, /etc/cron.daily/prelink and /var/log/prelink.log. If the changed files are listed in the log file, prelink may be the culprit (try `man prelink'). Regards, Steve Webster
|
Linear Mode
