System Monitoring Plugins and Connectors (MOSC)

MOSC Banner

I have AIDE alert about changes, How to understand who made changes?

in System Monitoring Plugins and Connectors (MOSC) 2 commentsAnswered

Hello All

I am interesting about AIDE alert

On the Exadata cell node have alert from AIDE

"cat /var/log/aide/aide.log

Entry /root/.ssh/authorized_keys in databases has different attributes: 30020001d 20020001d

AIDE 0.15.1 found differences between database and filesystem!!

Start timestamp: 2021-06-24 03:06:05

changed: /etc/hosts"

But I have not changed

How to understand who made change?

I check /etc/hosts and there are

 stat /etc/hosts

 File: '/etc/hosts'

 Size: 493       Blocks: 8     IO Block: 4096  regular file

Device: 1030fh/66319d  Inode: 267412   Links: 1

Access: (0644/-rw-r--r--) Uid: (  0/  root)  Gid: (  0/  root)

Access: 2021-06-24 11:28:41.894225328 +0400

Modify: 2020-12-03 11:24:35.042899926 +0400

Change: 2020-12-03 11:24:35.043899943 +0400

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center