William L. Maltby wrote:
On Sat, 2006-08-12 at 19:10 +0200, kadafax wrote:
Hi list,
I'm a bit worried here. On a server, Centos 4.3 fully-patched SELinux
activated, Osiris (a decentralized scanner for files changes on distant
servers) signaled me several changes on files who were not (at first
sight) affected by a recent update (the list is below).
Is there a logic explanation for those changes to happen ? The "rpm -Va"
command does not output md5sum change for those files.
Date/time looks like it might be a cron scheduled event. My bet is
prelink. Have you looked at the crontabs and/or logs?
prelink appears there:
[root@server cron]# ll /etc/cron.daily/
total 76
lrwxrwxrwx 1 root root 28 Jun 29 20:27 00-logwatch ->
../log.d/scripts/logwatch.pl
-rwxr-xr-x 1 root root 418 Feb 21 2005 00-makewhatis.cron
-rwxr-xr-x 1 root root 276 Feb 21 2005 0anacron
-rwxr-xr-x 1 root root 117 Mar 31 2005 epylog.cron
-rwxr-xr-x 1 root root 180 Aug 23 2005 logrotate
-rwxr-xr-x 1 root root 2133 Dec 1 2004 prelink
-rwxr-xr-x 1 root root 104 Jan 1 2006 rpm
-rwxr-xr-x 1 root root 121 Aug 22 2005 slocate.cron
-rwxr-xr-x 1 root root 286 Feb 21 2005 tmpwatch
-rwxr-xr-x 1 root root 158 Feb 18 15:38 yum.cron
Nothing in logs ( grep cron /var/log/messages*)
Is it possible for a cron job to modify binary's checksum and inode ?
<snip>^2
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
