Suspicious file in 14.2?
by Gerard Lally from LinuxQuestions.org on (#51MV5)
I've been using dar from SBo to backup /data (sdc1 - xfs) to /backup (sdd1 - xfs).
The following warning appears after a backup (differential):
Code:SECURITY WARNING! SUSPICIOUS FILE /path/to/Slackware-14.2/patches/source/NetworkManager/NetworkManager.SlackBuild: ctime changed since archive of reference was done, while no other inode information changed.The archive of reference is a full dar backup. The error comes up when doing a differential or incremental dar backup with that full backup as its reference point.
This was the command I used for today's differential backup:
Code:dar -c /backup/$(date +%Y-%m-%d)-diff -R /data -A /backup/2020-04-01-fullThis created a differential backup of /data in /backup. The differential backup is called 2020-04-02-diff.1.dar, and it used yesterday's full backup, /backup/2020-04-01-full.1.dar, as its reference.
Google doesn't tell me much; the only reference I've found to a similar error related to Ubuntu, and it had to do with a dar upgrade from one version to another. Which doesn't apply here.
I'm running 14.2 amd64 ; the suspicious file is there because I rsync (from slackware.uk) some of the Slackware tree, including i586, just to have it available if needed.
Should we be concerned?
The following warning appears after a backup (differential):
Code:SECURITY WARNING! SUSPICIOUS FILE /path/to/Slackware-14.2/patches/source/NetworkManager/NetworkManager.SlackBuild: ctime changed since archive of reference was done, while no other inode information changed.The archive of reference is a full dar backup. The error comes up when doing a differential or incremental dar backup with that full backup as its reference point.
This was the command I used for today's differential backup:
Code:dar -c /backup/$(date +%Y-%m-%d)-diff -R /data -A /backup/2020-04-01-fullThis created a differential backup of /data in /backup. The differential backup is called 2020-04-02-diff.1.dar, and it used yesterday's full backup, /backup/2020-04-01-full.1.dar, as its reference.
Google doesn't tell me much; the only reference I've found to a similar error related to Ubuntu, and it had to do with a dar upgrade from one version to another. Which doesn't apply here.
I'm running 14.2 amd64 ; the suspicious file is there because I rsync (from slackware.uk) some of the Slackware tree, including i586, just to have it available if needed.
Should we be concerned?