jludwig wrote:
On Thursday 06 October 2005 08:58, Scot L. Harris wrote:
On Thu, 2005-10-06 at 08:45, Bill Perkins wrote:
I believe you can use rpm to validate the files on your system. rpm is
prelink aware. Check the verify option of rpm. If that shows things
don't match up then you have a system that may have been compromised.
I'll take a look into that. What is 'prelink'?
Most are executables, some libraries as well (in /usr/lib, openoffice, a
bunch of others).
Prelink is used to modify ELF shared libraries and ELF dynamically linked
binaries to reduce startup time. Check out the man page for prelink to
get more details.
The changes you describe are consistent with prelink.
Yes, after perusing the man page, that makes some sense. However, where
did prelink get triggered from? I sure didn't run it.
You could try something like:
--> rpm -vV -a > /root/rpm_verify
Then try less the file /root/rpm_verify.
Cool! I've had it running for a few hours now (this is a 1GHz PIII of
some sort, with 256M RAM, so it's not the fastest processor on the
block), and the output looks reasonable so far. I've just switched to
FC4 from Slackware, and I don't know all the ins and outs of rpm, yum,
and up2date, so even though I've been using Linux for 10 years now, I'm
still on a learning curve (which is why I jumped to Linux in the first
place). Thanks for all the help, I'll let you know what I find.
--
-------------------------------------------------------------------------------
"The two most common things in the | Bill Perkins
universe are Hydrogen and Stupidity." | perk@xxxxxxx
| programmer-at-large
F. Zappa | ALL assembly languages done here.
-------------------------------------------------------------------------------
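
Added example (not part of the original messages): one way to triage a report saved with `rpm -vV -a`, listing only packaged files that are missing or whose digest differs, and skipping files rpm marks as config or documentation. The function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a saved `rpm -vV -a` report such as /root/rpm_verify.
# Line format: <flags> [attr] <path>. In <flags>, "." means the test passed,
# "?" means it could not be run, "5" means the file digest differs.
# [attr] is optional: c=config, d=doc, g=ghost, l=license, r=readme.

# Constructed sample report (not real output from any system).
sample_report() {
    cat <<'EOF'
.........    /usr/bin/less
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/passwd
.......T.    /usr/lib/libfoo.so.1
missing      /usr/sbin/example
..5....T.  d /usr/share/doc/foo/README
EOF
}

# Print packaged files (no attr marker) that are missing or fail the digest.
# Reads the report from the file named in $1, or stdin when no file is given.
suspect_files() {
    awk '
        $1 == "missing" || ($1 ~ /^[.?SM5DLUGTP]+$/ && length($1) >= 8) {
            rest = $0
            sub(/^[^ ]+ +/, "", rest)          # drop the flags column
            if (rest ~ /^[cdglr] +\//) next    # skip config, doc and other marked files
            if ($1 == "missing")     print "MISSING " rest
            else if (index($1, "5")) print "DIGEST " rest
        }
    ' "${1:--}"
}

sample_report | suspect_files
```

On a real system the call would be `suspect_files /root/rpm_verify`; each path it prints can then be checked individually with `rpm -qf` and `rpm -V` on the owning package.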