LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-23-2006, 10:24 AM   #1
laggerific
Member
 
Registered: Jan 2006
Posts: 65

Rep: Reputation: 15
logwatch on RHEL keeps saying files have changed


Logwatch on one of our systems keeps sending out emails at night stating that certain files or their output have changed, files like resolv.conf. The same files everynight. Yet when I check the dates on the files, they haven't been updated in months. What output does resolv.conf have that would change if the file itself hasn't changed? Any thoughts on what may be causing this?
 
Old 02-23-2006, 12:38 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Are there any other files changed or reported similarly?
AFAIK Logwatch doesn't do anything but parse logs for messages to report.
If there's something changed it should come from some app it's reading the logs for.
I'd say verify the contents, after all resolv.conf is ASCII, do a "stat" so you can save the MAC times.
If the next day the M time wasn't changed then this could be either a false positive, or for instance a filesystem integrity check database that wasn't updated, or (when resolv.conf was changed) rpm -V should fail. Like that.
If it isn't any of those, and your filesystem supports it, and if you don't need it to be changed, you could make the file immutable (chattr) and see if anything complains about that.
 
Old 02-23-2006, 01:46 PM   #3
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
It sounds more like something that tripwire would do.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
10.1 -> 10.2 which conf files changed? Vgui Slackware 3 09-21-2005 04:55 PM
IP addy changed, which files do I edit? WorldBuilder Linux - Networking 1 08-24-2005 10:01 PM
Howto list last changed files MicroSun Linux - Newbie 3 02-18-2005 05:52 PM
logwatch doesn't send emails after changed hostname? FLOODS Fedora 13 12-15-2004 12:37 PM
ownership of files changed after upgrade Tinkster Slackware 1 12-20-2002 07:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration