Hi everybody,
I have a weird problem on a i386 box with OpenBSD 3.8. Im running the
patch branch with the AIDE package installed.
AIDE keeps reporting a change in the SHA1 checksum of /etc/motd. Even
after I run a "aide --update" and use the updated database for future
checks the checksum keeps changing. I didn't notice such a behavior
in the past. I protect my AIDE database by putting it into an
encrypted filesystem, that I only mount writable when I update the
database.
Any idea what is happening? The content of the file seems to be
unchanged when I look at it.
I did a thorough check of the system and didn't notice any funny
stuff. A portscan from the outside doesn't reveal any additional open
ports. In fact, the machine is not running any service other than
OpenSSH and doesn't allow root logins via SSH. It has a tight pf
ruleset. It gets patched as soon as new patches are released, there
are almost no packages installed (pico, aide and dependencies).
regards,
Tobias
- /etc/motd SHA1 checksum keeps changing Tobias Weisserth
-
