binaries grow overnight, but rpm -V does not catch the changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I upgraded tripwire from tripwire-2.3.1-20.fdr.1.1.i386.rpm to tripwire-2.3.1-21.i386.rpm, the initial check caught the changes (which were then accepted), but then my nightly check caught again changes in the tripwire binaries.  Here is the jist of them (obviously the checksums and inodes changed as well):
  • /usr/sbin/siggen grew from 1240308 to 1246768
  • /usr/sbin/tripwire grew from 1779188 to 1785884
  • /usr/sbin/twadmin grew from 1609652 to 1616280
  • /usr/sbin/twprint grew from 1369780 to 1376428
Surprisingly, rpm -V tripwire only reports (expected) changes to policy and configuration files, and is happy about the binaries!  Files extracted manually from the original rpm show the same characteristics as the original install (the "from" values in the list above). 
 
I am suspecting prelink is the culprit (found entries for all of the above in /var/log/prelink.log), but that still does not explain why rpm -V is absolutely silent about the changes? 
 
--Marcin
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux