On Thursday 06 October 2005 08:58, Scot L. Harris wrote: > On Thu, 2005-10-06 at 08:45, Bill Perkins wrote: > > > I believe you can use rpm to validate the files on your system. rpm is > > > prelink aware. Check the verify option of rpm. If that shows things > > > don't match up then you have a system that may have been compromised. > > > > I'll take a look into that. What is 'prelink'? > > > > > > Most are executables, some libraries as well (in /usr/lib, openoffice, a > > bunch of others). > > Prelink is used to modify ELF shared libraries and ELF dynamiclly linked > binaries to reduce startup time. Check out the man page for prelink to > get more details. > > The changes you describe are consistent with prelink. You could try something like; --> rpm -vV -a > /root/rpm_verify Then try less the file /root/rpm_verify.
