On Thu, 2005-10-06 at 08:45, Bill Perkins wrote: > > I believe you can use rpm to validate the files on your system. rpm is > > prelink aware. Check the verify option of rpm. If that shows things > > don't match up then you have a system that may have been compromised. > > I'll take a look into that. What is 'prelink'? > > Most are executables, some libraries as well (in /usr/lib, openoffice, a > bunch of others). Prelink is used to modify ELF shared libraries and ELF dynamiclly linked binaries to reduce startup time. Check out the man page for prelink to get more details. The changes you describe are consistent with prelink.
