On Thursday 06 October 2005 08:58, Scot L. Harris wrote:
On Thu, 2005-10-06 at 08:45, Bill Perkins wrote:
I believe you can use rpm to validate the files on your system. rpm is prelink aware. Check the verify option of rpm. If that shows things don't match up then you have a system that may have been compromised.
I'll take a look into that. What is 'prelink'?
Most are executables, some libraries as well (in /usr/lib, openoffice, a bunch of others).
Prelink is used to modify ELF shared libraries and ELF dynamically linked binaries to reduce startup time. Check out the man page for prelink to get more details.
The changes you describe are consistent with prelink.
You could try something like:

    rpm -vV -a > /root/rpm_verify

Then try less the file /root/rpm_verify.
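
The following is an added example, not part of the original messages: a small triage script for the /root/rpm_verify file produced above. It separates packaged non-config files whose content digest, mode or ownership differs (or that are missing) from the expected noise of edited config and doc files. The sample lines and paths are constructed, and the split into "review" and "expected" is this example's own assumption about what deserves a closer look.

```python
import re

# Constructed sample of `rpm -vV -a` output (not taken from a real system).
SAMPLE = """\
.........    /usr/bin/less
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
missing      /usr/lib/libfoo.so.1
.M.......    /usr/sbin/sshd
.......T.  d /usr/share/doc/bar/NEWS
"""

# Verify flags in the order rpm prints them (older rpm prints only the first 8).
FLAG_NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device",
              "L": "symlink", "U": "user", "G": "group", "T": "mtime",
              "P": "capabilities"}
LINE = re.compile(r"^(missing|[.?SM5DLUGTP]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
SERIOUS = {"digest", "mode", "user", "group", "capabilities", "missing"}

def parse(text):
    """Yield (path, changed_attributes, file_marker) for each file that differs."""
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # not a verify result line
        flags, marker, path = m.groups()
        if flags == "missing":
            yield path, ["missing"], marker
            continue
        changed = [FLAG_NAMES[c] for c in flags if c in FLAG_NAMES]
        if changed:  # lines of all dots are files that verified cleanly
            yield path, changed, marker

def triage(text):
    """Return (review, expected); config/doc/ghost files go to 'expected'."""
    review, expected = [], []
    for path, changed, marker in parse(text):
        if SERIOUS & set(changed) and marker not in ("c", "d", "g"):
            review.append((path, changed))
        else:
            expected.append((path, changed))
    return review, expected

if __name__ == "__main__":
    review, expected = triage(SAMPLE)  # or open("/root/rpm_verify").read()
    for path, changed in review:
        print("REVIEW  ", path, ",".join(changed))
```

Because rpm is prelink aware, as noted above, a digest mismatch reported here is not explained by prelinking alone.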