tripwire reports major changes -- gcc or selinux or ...
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 12 10:17:53 UTC 2005
Michael Schwendt wrote:
>On Mon, 11 Jul 2005 17:34:16 -0700, Marcin Struzak wrote:
>
>
>
>>I am running FC3 with tripwire-2.3.1-20.fdr.1.1 (RPM), and all of a sudden, after months of successful "quite" or almost quiet bahvior, my nightly check reports over 6500 changes. This is very unusual for an "overnight" situation, and so I am trying to figure out what caused it.
>>
>>
>>
>
>Prelinking can result in such changes (verify some key files with "rpm -V"
>or even "rpm -Va"). But first of all, you should update your tripwire
>package to FC3's. It's tripwire-2.3.1-21 in Fedora Extras. Your one is
>for FC1.
>
>
>
Are you seeing AVC messages in your log files? /var/log/messages and/or
/var/log/audit/audit.log
--
More information about the fedora-list
mailing list