Changed files (modification time) (UNIX)

Module: File Attributes

This check verifies the modification times of files that have the Modification Time option checked in their associated template records. Modification times are compared to the values stored in the agent's snapshot file. Note: modification time represents the last change made to the file's data.

The following table lists the error messages for the check.

Table: Error messages for Changed files (modification time)

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_DIFFATTRIB_R

Category: System Information

UNIX (5561)

Title: File attributes have changed

Description:At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: red-4

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DIFFATTRIB_Y

Category: System Information

UNIX (5562)

Title: File attributes have changed

Description:At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DIFFATTRIB_G

Category: System Information

UNIX (5563)

Title: File attributes have changed

Description:At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: green-0

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]