changed /dev/ttys is this normal?

From: Fernan Aguero (fernan@iib.unsam.edu.ar)
Date: 08/29/01 

Date: Wed, 29 Aug 2001 10:20:31 -0300
From: Fernan Aguero <fernan@iib.unsam.edu.ar>
To: FreeBSD Security <freebsd-security@freebsd.org>

Hi

I started using tripwire to monitor for changed files on my system.
I noticed that /dev/console and /dev/ttys were changed and the
tripwire report showed the following:

[...]

 Modified object name: /dev/console
 
  Property: Expected Observed
  ------------- ----------- -----------
  Object Type Character Device Character Device
  Device Number 160768 160768
  Inode Number 7208 7208
  Mode crw--w--w- crw--w--w-
  Num Links 1 1
* UID fernan (1001) root (0)
  GID wheel (0) wheel (0)
        
[...]

Modified object name: /dev/ttyp1
 
  Property: Expected Observed
  ------------- ----------- -----------
  Object Type Character Device Character Device
  Device Number 160768 160768
  Inode Number 7537 7537
  Mode crw--w---- crw--w----
  Num Links 1 1
* UID fernan (1001) root (0)
* GID tty (4) wheel (0)

[...]

Modified object name: /dev/ttyp6
 
  Property: Expected Observed
  ------------- ----------- -----------
  Object Type Character Device Character Device
  Device Number 160768 160768
  Inode Number 7547 7547
* Mode crw-rw-rw- crw--w----
  Num Links 1 1
* UID root (0) genhum2001 (1000)
* GID wheel (0) tty (4)

Is this normal? If so, is it safe to change tripwire's policy to
ignore this changes?

Thanks in advance for your help.

Fernan 

-- 
|  F e r n a n   A g u e r o  |  B i o i n f o r m a t i c s  |
|   fernan@iib.unsam.edu.ar   |      genoma.unsam.edu.ar      |
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message