New kernels are generated on every boot by relinking. Check your uptimes; they're likely to match kernel timestamps.
Get BlueMail for Android On Sep 18, 2022, 9:58 AM, at 9:58 AM, Austin Hook <aus...@hook.org> wrote: > >I noticed recently that some if my /bsd files are changing dates: > >First the data, then below, I note my guess as to what's happening... > >An Internet facing server: > >ls -lT /bsd* >-rwx------ 1 root wheel 20956100 Aug 14 09:54:46 2022 bsd >-rwx------ 1 root wheel 20954372 Jul 31 01:17:13 2022 bsd.booted >-rw------- 1 root wheel 10393418 Nov 3 18:53:52 2020 bsd.rd > > >Mailserver on a LAN > > ls -lT /bsd* >-rwx------ 1 root wheel 20959252 Sep 4 09:01:26 2022 /bsd >-rwx------ 1 root wheel 20953780 Sep 4 08:24:53 2022 /bsd.booted >-rw------- 1 root wheel 10393418 Jan 18 21:32:51 2021 /bsd.rd > > > >Internet facing server > >-rwx------ 1 root wheel 20961836 Sep 17 11:29:23 2022 bsd >-rwx------ 1 root wheel 20954668 Aug 28 15:21:24 2022 bsd.booted >-rw------- 1 root wheel 10393418 Oct 21 08:02:57 2020 bsd.rd > >The above three are version 6.8 > >In each case the sha256 checksums for /bsd do not seem to match the >distributed versions. Luckily those are still in the pub/openbsd >mirrors. > >And I also have a laptop running a very old version of OpenBSD, for >which >the /bsd seemed to have been corrupted by the time I was signing in >from a >hotel recently. It complained that it could not randomize the >libraries >on boot up. So it would not boot, although I could boot it up from an >external bootable hard drive containing a really old 5.3 image > >I also signed into one of my systems with "putty" which I loaded onto a > >friend's windows machine -- some time in August I think it was. > >I note: > >1) the /bsd.rd files were installed when I last updated the systems >above, >and the dates of these all correspond with other important files of the > >last upgrade or install. So at least most of those, have apparently >not >been touched. > >2) There seems to be a progression of date changing events in the /bsd >file images, in the different machines. > >Anyone know of another explanation other than someone sneakily hacking >at >my machines. > >Somehow, in some machine, I think my ssh sessions are being hacked. > >Looks like I have a lot of work to do. > > >Austin