Daniel J Walsh wrote: > >>I am running FC3 with tripwire-2.3.1-20.fdr.1.1 (RPM), and all of a sudden, after months of successful "quite" or almost quiet bahvior, my nightly check reports over 6500 changes. This is very unusual for an "overnight" situation, and so I am trying to figure out what caused it. > >> > >> > >> > > > >Prelinking can result in such changes (verify some key files with "rpm -V" > >or even "rpm -Va"). But first of all, you should update your tripwire > >package to FC3's. It's tripwire-2.3.1-21 in Fedora Extras. Your one is > >for FC1. > > > > > > > Are you seeing AVC messages in your log files? /var/log/messages and/or > /var/log/audit/audit.log FrontPage was giving me too much headache, so I set SELINUX to permissive, as I was running SE just to check it out. I am definitely getting AVC messages, but all related to FrontPage and httpd (FrontPage has its own cgi-like executable that tries to access things in weird places, and all of these get reported). Thanks! --Marcin
