Wire tripped
Bill Perkins
perk at iag.net
Thu Oct 6 12:45:25 UTC 2005
Scot L. Harris wrote:
>
> How long had tripwire been running prior to this event? Prelink caused
> me a fit once on a new system I had setup. The next morning it looked
> like everything had been compromised.
Since September or so.
> I believe you can use rpm to validate the files on your system. rpm is
> prelink aware. Check the verify option of rpm. If that shows things
> don't match up then you have a system that may have been compromised.
I'll take a look into that. What is 'prelink'?
> Because it is reporting huge numbers of files on your system I am
> thinking this is due to prelinking. I suspect that all the files
> reported are executables and not text config file.
Most are executables, some libraries as well (in /usr/lib, openoffice, a
bunch of others).
--
-------------------------------------------------------------------------------
"The two most common things in the | Bill Perkins
universe are Hydrogen and Stupidity." | perk at iag.net
| programmer-at-large
F. Zappa | ALL assembly languages done here.
-------------------------------------------------------------------------------
More information about the fedora-list
mailing list