Re: What to do when rpm verification fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 07, 2006 at 05:29:40PM +0100, T. Horsnell wrote:
> S.5....T messages (accompanied by sporadic bursts of prelink
> activity but no error msgs - is this initiated by rpm if it thinks
> there is a problem?). I wrote a little script to 'rpm -V'

prelink changes files, altering their md5sums. rpm has to unprelink each
binary in order to compute its original checksum. For this reason, since
transparency/security is more important to us than the slight speed
increase, we turn off prelink by default here at BU.

> 2. almost all the entries with S.5... have a .T on the end,
>    and that those entries are in an rpm for which all entries
>    have a .T This suggests to me that there has been some sort
>    of package upgrade which is not being taken into account
>    during the verify.
>
> Looks like *something* is wrong, but quite what, I dont know.

If the RPM database got corrupted, you could see this sort of problem.

Something could have broken with prelink -- that would definitely cause it.

Alternately, someone could have broken into your system and replaced the
binaries. Or -- unlikely but possible -- you could have a virus.

Did you try the suggestion of running chkrootkit?


-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux