do you have some application like tripwire running?
DOCUMENTATION: After a UNIX backup, inode change times (ctime) change to the actual time of the backup. This may cause alerts in some security programs.
http://support.veritas.com/docs/240723
Details:
Manual:
Veritas NetBackup (tm) 3.4 Troubleshooting Guide for UNIX
Veritas NetBackup (tm) 4.5 Troubleshooting Guide for UNIX
Veritas NetBackup (tm) 5.0 Troubleshooting Guide for UNIX and Windows
Veritas NetBackup (tm) 5.1 Troubleshooting Guide for UNIX and Windows
Modification Type: Addition
Modification:
Security programs that monitor intruder detection, such as Tripwire, Symantec Host IDS or Symantec Intruder Alert (ITA) perform checks on system integrity. This includes monitoring changes in inode times.
When Veritas NetBackup performs a backup, it changes the inode of every file so that the inode change time (ctime) reflects the actual time of the backup. This can cause security programs to flag the system administrator that every single file may have been compromised, thus potentially causing unexpected alarms.
By default, with UNIX backups, NetBackup will store the atime (last accessed time) and mtime (last modified time) of a file, back it up and then restore the atime with the UNIX system call, "utime". The reason for this is because the backup procedure would otherwise change all the last accessed times on the server to the backup time. The "utime" system call changes the inode time, which causes the aforementioned alarms.
Appending the following line to the client's /usr/openv/netbackup/bp.conf file can change this behavior:
DO_NOT_RESET_FILE_ACCESS_TIME
This means that the client's atimes would be changed to the time of the backup, but the ctime will no longer be changed; therefore stopping the security alarms. If there is concern about atimes being changed for every backup, also consider that the UNIX find command does this as well when executed.
NOTE: This solution should not be used if also running Storage Migrator on the client in question, as it can affect migration of files. See the NetBackup System Administrator's Guide for more details.
An additional document is available on this issue for Symantec Intruder Alerts (ITA):
http://entsupport.symantec.com/docs/n2002112214515853