Strange package checksum report
Garrett Wollman
wollman at bimajority.org
Thu Jan 29 07:28:12 UTC 2015
<<On Sun, 25 Jan 2015 11:29:46 +0100, Dag-Erling Smørgrav <des at des.no> said:
> I assume that you're using official packages and don't have a locally
> compiled Python interpreter or anything like that?
We build our own package repositories.
> Could you perhaps turn on auditing in order to find out what's touching
> these files?
Maybe. It will probably take a while. My a priori guess, knowing
that we don't directly use any python programs is that it's either
some Nagios plugin or some Munin plugin (there are a few that are
written in python) that's actually causing the files to get updated.
There's nothing else that should be running as root on these systems.
If I get a moment, I can check which plugins meet those criteria and
try disabling them.
-GAWollman
More information about the freebsd-security
mailing list