Hi.  I see something in my /etc/security output that I'm not sure why 
would
occur.  So, I wanted to ask why the check is in /etc/security, and if 
people
wise in the ways of BSD UNIXes (which I thought I was) can explain
why this might normally happen.

   I see:

Block device changes:
brw-r-----  1  root  operator  4,  1  Dec  26  19:50:42  2004  /dev/sd0b
brw-r-----  1  root  operator  4,  1  Apr  9   11:01:19  2005  /dev/sd0b

   As you might imagine, this is my swap device.

   Why might the mod time on a swap device change?  This system has
been up for quite a while, but has also been rebooted a few times.
Including once it appears at 7 am yesterday.  But, I'm 98% sure I didn't
change anything on this systems yesterday.  Actually, I'm 99% sure I
was asleep at 7 am yesterday, so perhaps it panic'd, and some action
related to a savecore might've modified the swap device?

   Hmm.  Okay, I now realize that the swap device mod time is exactly
4 hours later than the mod time on the netbsd.0.core.gz file (which I
just thought to go look for), and the reboot time in wtmpx.

   So, since I'm in EDT, that looks like some sort of error in the 
timezone
somewhere in the boot/savecore process.  Hmm.  Oh, I see now.
It's an error in that /etc/security seems to be running in GMT.  Was
that purposeful?  It was a little confusing to me:

% ls -l /dev/*sd0b*
crw-r-----  1 root  operator      13, 1 Dec 26 14:50 /dev/rsd0b
brw-r-----  1 root  operator       4, 1 Apr  9 07:01 /dev/sd0b
%

   Okay, well, I'll trace on the "why did the system reboot".  Can anyone
confirm that something about the savecore process might modify
the modification time of the swap block device?

   Thanks for listening.

                                        - Chris