Re: /usr/bin/login patch questionFrom: Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca)
- Previous message: email@example.com: "Uptime vrs. security policy (Was: Re: Sun Solaris login bug patches out)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: "Peter L. Ashford" <ashford@SDSC.EDU> Date: Mon, 31 Dec 2001 11:25:44 -0800
In message <Pine.SGI.firstname.lastname@example.org>,
> The 'chmod' command does not change the modification time of the inode.
> This is also true for other, similar, commands ('chown', 'chgrp', etc.).
> That time is only changed when a write to the file is performed. There is
> a field in the inode ('ic_ctime') that should be updated when a 'chmod'
> command is executed. This information can be accessed with the '-c'
> option of 'ls'. I don't know how you could change Tripwire to do this,
> but it seems to me that it would be useful.
Ctime is not what it seems. Veritas NetBackup, for example,will by
default reset atime to what it was prior to a file being backed up,
causing ctime to be altered. This is definitely a nuisance, sometimes
even a show stopper, when performing forensic analysis after an event.
As you said this also affects tripwire. You an alter tripwire's policy
file to ignore ctime.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
FreeBSD UNIX: cy@FreeBSD.org