LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 09-10-2004, 11:46 AM   #1
chil326
Member
 
Registered: Jul 2004
Location: Paris, France
Distribution: mandriva LE 2005
Posts: 86

Rep: Reputation: 15
mandrake 10 msec log


Hello,
I looked at the /var/log/security.log file and in it I have warnings, the same one every night:
/*-------------------------*/
Security Warning: These config files belonging to packages are modified on the system :
/*-------------------------*/
What does it mean? I don't modify these files every day.
Does it mean that the files are different from what they should be, i.e., as in the package? Or does it mean that they were modified and so are different from the last security check?
I am French so I don't understand very well, and I don't know how to interpret these warnings... False alarm? Because in the files mentioned I have rules for the IDS Snort, and I want to be sure there is no intrusion and that no one has modified the Snort rules so as not to be seen.
Thanks
 
Old 09-14-2004, 09:21 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Sounds like msec checking for file alteration. Does it actually list any files?
 
Old 09-15-2004, 02:28 AM   #3
chil326
Member
 
Registered: Jul 2004
Location: Paris, France
Distribution: mandriva LE 2005
Posts: 86

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by Capt_Caveman
Sounds like msec checking for file alteration. Does it actually list any files?
Yes, it lists files. They are configuration files.
 
Old 09-15-2004, 08:25 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Could you post them?
 
Old 09-15-2004, 12:57 PM   #5
chil326
Member
 
Registered: Jul 2004
Location: Paris, France
Distribution: mandriva LE 2005
Posts: 86

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by Capt_Caveman
Could you post them?
Security Warning: These config files belonging to packages are modified on the system :
- /etc/X11/fs/config
- /etc/cups/classes.conf
- /etc/cups/cupsd.conf
- /etc/cups/printers.conf
- /etc/host.conf
- /etc/hotplug/blacklist
- /etc/info-dir
- /etc/login.defs
- /etc/modprobe.conf
- /etc/modprobe.preload
- /etc/modules
- /etc/modules.conf
- /etc/mtools.conf
- /etc/pam.d/system-auth
- /etc/ppp/chap-secrets
- /etc/ppp/options
- /etc/ppp/pap-secrets
- /etc/ppp/pppoe.conf
- /etc/printcap
- /etc/sane.d/dll.conf
- /etc/shells
- /etc/shorewall/interfaces
- /etc/shorewall/policy
- /etc/shorewall/rules
- /etc/shorewall/zones
- /etc/snort/rules/attack-responses.rules
- /etc/snort/rules/backdoor.rules
- /etc/snort/rules/bad-traffic.rules
- /etc/snort/rules/chat.rules
- /etc/snort/rules/ddos.rules
- /etc/snort/rules/deleted.rules
- /etc/snort/rules/dns.rules
- /etc/snort/rules/dos.rules
- /etc/snort/rules/exploit.rules
- /etc/snort/rules/finger.rules
- /etc/snort/rules/ftp.rules
- /etc/snort/rules/icmp-info.rules
- /etc/snort/rules/icmp.rules
- /etc/snort/rules/imap.rules
- /etc/snort/rules/info.rules
- /etc/snort/rules/misc.rules
- /etc/snort/rules/multimedia.rules
- /etc/snort/rules/mysql.rules
- /etc/snort/rules/netbios.rules
- /etc/snort/rules/nntp.rules
- /etc/snort/rules/oracle.rules
- /etc/snort/rules/other-ids.rules
- /etc/snort/rules/p2p.rules
- /etc/snort/rules/policy.rules
- /etc/snort/rules/pop2.rules
- /etc/snort/rules/pop3.rules
- /etc/snort/rules/rpc.rules
- /etc/snort/rules/rservices.rules
- /etc/snort/rules/scan.rules
- /etc/snort/rules/shellcode.rules
- /etc/snort/rules/smtp.rules
- /etc/snort/rules/snmp.rules
- /etc/snort/rules/sql.rules
- /etc/snort/rules/telnet.rules
- /etc/snort/rules/tftp.rules
- /etc/snort/rules/virus.rules
- /etc/snort/rules/web-attacks.rules
- /etc/snort/rules/web-cgi.rules
- /etc/snort/rules/web-client.rules
- /etc/snort/rules/web-coldfusion.rules
- /etc/snort/rules/web-frontpage.rules
- /etc/snort/rules/web-iis.rules
- /etc/snort/rules/web-misc.rules
- /etc/snort/rules/web-php.rules
- /etc/snort/rules/x11.rules
- /etc/snort/snort.conf
- /etc/sysconfig/bootsplash
- /etc/sysconfig/harddrake2/previous_hw
- /etc/sysconfig/msec
- /etc/sysconfig/snort
- /etc/sysconfig/syslog
- /etc/sysconfig/userdrake
- /etc/sysctl.conf
- /etc/syslog.conf
- /etc/xml/catalog
- /usr/share/config/kdeglobals
- /usr/share/config/kdesktoprc
- /usr/share/config/kdm/kdmrc
- /usr/share/config/konquerorrc
- /usr/share/sgml/docbook/xmlcatalog
- /var/lib/wine/windows/win.ini
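
A triage sketch for a list like the one above, added here and not part of the thread. It assumes the warning reflects an RPM package verification (the thread does not say which command msec runs) and parses lines in `rpm -V` output format, where each letter marks an attribute that differs from the package database. The sample lines and the `PRIORITY` prefixes are constructed for illustration.

```python
import re

# rpm -V attribute letters as they appear in the result string.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# Result string (8 or 9 chars, or "missing"), optional file-type marker, path.
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
# Assumed watch list: paths whose tampering would weaken detection or access control.
PRIORITY = ("/etc/snort/", "/etc/shorewall/", "/etc/pam.d/", "/etc/syslog.conf")
# Differences that change what the file says or who may change it.
SIGNIFICANT = {"digest", "missing", "size", "mode", "owner", "group"}

def parse(line):
    """Return (path, is_config, failed checks) or None for non-verify lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    result, marker, path = m.groups()
    if result == "missing":
        failed = {"missing"}
    else:
        failed = {FLAGS[c] for c in result if c in FLAGS}
    return path, marker == "c", failed

def triage(lines):
    """Sort verification failures into review buckets."""
    buckets = {"review_first": [], "changed": [], "mtime_only": []}
    for path, _, failed in filter(None, map(parse, lines)):
        if failed & SIGNIFICANT:
            key = "review_first" if path.startswith(PRIORITY) else "changed"
        else:
            key = "mtime_only"
        buckets[key].append((path, sorted(failed)))
    return buckets

# Constructed sample in rpm -V output format; not taken from the poster's system.
SAMPLE = """\
S.5....T.  c /etc/snort/snort.conf
.......T.  c /etc/shells
SM5....T.  c /etc/pam.d/system-auth
S.5....T.  c /etc/cups/cupsd.conf
missing    c /etc/printcap
""".splitlines()

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```

A digest difference only says the file no longer matches what the package shipped, which is expected for any configuration file edited after installation; files in `review_first` are the ones to compare against a known-good copy.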
 
  

