On Mon, Feb 02, 2004 at 10:59:11PM +0100, Andreas Schmidt wrote:
> >> =-=-=-=-=-=-=-=-=-=-=-=-=-
> >> Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody
> >

That's normal, it's been discussed here before. It just needs to be added to
logcheck patterns, a bug should be filed.

> >'tiger' also reports - while performing signature check of system
> >binaries, that /bin/ping, /usr/bin/chage, /usr/bin/at, /usr/bin/write
> >and /usr/bin/inetd do not match. This can not be confirmed by aide
> >(cd-burned database, unsafe binary) or debsums (unsafe binary).
> >
> Hi,
>
> have something similar here:
> # Performing signature check of system binaries...

Do _not_ rely on that if you are _not_ using a stable system.... (and
really, even then, unless you've regenerated the database yourself).

> Considering this kind of behavior is on two machines now makes me
> assume this might be another bug with tiger. :-)

Well, it _kind_ of is, but that test should not be enabled on systems
running sid or testing. The signature database is rarely updated (but you
can update it yourself). In any case, rely on an integrity database (aide,
tripwire, samhain, integrit... your call) instead of Tiger since it will
only:

- check against a signature database based on woody, which will never
  match yours.
- check using 'debsums' which is not complete (some packages do not include
  md5 checksums for all the files)

> BTW, the machine logging this has sid installed.
>
> Moreover, I got these messages:
> # Performing check of 'services' ...

(...)

>
> Is that anything to be worried about? After all, it's just some
> mappings in /etc/services, or is it? I don't run an ircd (I know of),
> for instance, and the other ports mentioned here are not shown as open
> by nmap/netstat.

Yes, that just compares the system's /etc/services against the list that
Tiger has which, again, might not match what you have in a sid system if
you have upgraded netbase. I will take care of those probably before the
release, feel free to file a bug, however.

Regards

Javi
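The debsums gap mentioned in the reply above (packages that do not include md5 checksums for all their files) can be measured per package. This is an added example, not part of the original message and not code from Tiger or debsums; the function name `unverifiable_files` and its optional ROOT argument are assumptions, and it reads the dpkg metadata files under /var/lib/dpkg/info.

```shell
#!/bin/sh
# Added example (not from the original message).
# Print the regular files owned by PACKAGE that have no entry in the
# package's md5sums file, i.e. files a debsums-style check cannot verify.
#
# Usage: unverifiable_files PACKAGE [ROOT]
#   ROOT is a hypothetical parameter: an alternate filesystem root, used
#   here so the function can be exercised against a constructed tree.
#   On multi-arch systems the info files may be named PACKAGE:ARCH.
unverifiable_files() {
    pkg=$1
    root=${2:-}
    info="$root/var/lib/dpkg/info"
    list="$info/$pkg.list"
    sums="$info/$pkg.md5sums"

    [ -r "$list" ] || { echo "no file list for $pkg" >&2; return 2; }
    # A package may ship no md5sums file at all: then nothing is covered.
    [ -r "$sums" ] || sums=/dev/null

    while IFS= read -r path; do
        # The .list file also names directories and symlinks; only
        # regular files can carry a checksum.
        [ -f "$root$path" ] && [ ! -L "$root$path" ] || continue
        # md5sums lines look like "<md5>  <path without leading slash>".
        rel=${path#/}
        if ! awk -v p="$rel" '
                { sub(/^[0-9a-f]+  /, "") }
                $0 == p { found = 1 }
                END { exit !found }' "$sums"; then
            printf '%s\n' "$path"
        fi
    done < "$list"
}
```

Conffiles usually show up in the output because their checksums are recorded in dpkg's status file rather than in md5sums. Every path printed is a file that only an independent integrity database (aide, tripwire, samhain, integrit) would cover.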