beat down - need help w/ prelinking errors after reinstall from hack
Steve Siegfried
sos at zjod.net
Sun Feb 18 08:19:20 UTC 2007
Bazooka Joe wrote:
>
> Yes I had already updated it and the errors showed up several hrs later.
>
>
> On 2/17/07, Steve Siegfried <sos at zjod.net> wrote:
> > Bazooka Joe wrote:
> > >
> > > Got rootkited on friday. spent today building a new box and moving
> > > data. now my new box is giving errors. I had been running rkhunter
> > > periodically as I reinstalled and then one time it came up w/ this
> > > prelink error so I ran rpm -qVa and you can see below. btw I am
> > > using fc4
> > >
> > > please don't tell me I have to start over.
> > >
> > > thx
> > > chris
> > >
> > > [root at localhost]# rpm -qVa
> > <rpm -qVa output deleted>
> >
> > Had you done any updates yet or was this FC4 "out of the box"?
> >
> > -S
> >
Here's the chain of events that ought to cause that:
1- you load FC4,
2- prelink runs via cron,
3- you run yumex or some such causing a library to be updated,
4- you run "rpm -qVa" which reports that "one of the file's
dependencies" (i.e.: that library) "has changed since
prelinking".
Not sure what you do at this point, except to let prelink run again
via it's cron script. Once that happens, the dependency messages from
"rpm -qVa" ought to go away.
Personally, the more I see of prelink, the more I want to turn it off.
-S
More information about the users
mailing list