Johnny Tan wrote:
I saw this in Logwatch today for one of my servers:
--------------------- yum Begin ------------------------
Packages Installed:
samba-common.i386 3.0.23c-2.el5.2.0.2
samba.i386 3.0.23c-2.el5.2.0.2
Packages Erased:
samba-common
samba
---------------------- yum End -------------------------
No one, including myself, has even logged into this box in the past few
days (verified by asking the only other two people who have access and
also looking at the last & secure logs).
And neither /var/log/yum.log nor /var/log/rpmpkgs shows samba at all
being installed/erased/present.
I ran both chkrootkit and rkhunter, and both turned up clean.
Since this box is behind a firewall with only a few IPs given access to
it, I'm thinking that it's not been rooted, but I can't seem to find any
other explanation for this.
The only thing that runs on this server is httpd and jetty. Everything
else is done manually including yum updates. And nothing that runs on
this machine would ever need samba.
Has anyone ever encountered something like this?
johnn
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
If I may refer you to this thread, I believe your observations are
similar to mine earlier this month:
http://lists.centos.org/pipermail/centos/2008-May/098839.html
and the cause is likely similar. Checking /var/log/yum.log for entries 1
year ago should confirm this.
Regards,
Ned
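The check Ned suggests, as an added example that is not part of the thread: yum.log timestamps carry no year, so an entry written a year earlier has the same month and day as one written today. The sketch assigns years by walking back from the newest entry, assuming an append-only log in chronological order whose newest entry falls in the report's year; the sample lines, the year 2008 and the function names are constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample in yum.log's year-less layout: "Mon DD HH:MM:SS Action: package"
SAMPLE_LOG = """\
May 28 09:12:01 Installed: samba-common.i386 3.0.23c-2.el5.2.0.2
May 28 09:12:04 Installed: samba.i386 3.0.23c-2.el5.2.0.2
May 28 09:40:17 Erased: samba-common
May 28 09:40:17 Erased: samba
Nov 02 14:03:55 Updated: httpd.i386 2.2.3-11.el5.centos
Feb 19 11:20:30 Updated: openssl.i686 0.9.8b-8.3.el5_0.2
"""

def infer_years(text, last_entry_year):
    """Walk from the newest line to the oldest. Whenever an older line carries a
    later month/day/time than the line after it, a year boundary was crossed."""
    rows, year, newer = [], last_entry_year, None
    for line in reversed(text.strip().splitlines()):
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # skip lines that do not fit the layout
        mon, day, clock, event = parts
        # Parse against a leap year so "Feb 29" is accepted.
        t = datetime.strptime(f"2000 {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        key = (t.month, t.day, t.time())
        if newer is not None and key > newer:
            year -= 1
        newer = key
        rows.append((year, t.month, t.day, event))
    return rows[::-1]

def stale_matches(text, report_date):
    """Entries sharing the report's month and day but inferred to be from an
    earlier year: candidates for being re-reported by a date-only filter."""
    return [(y, ev) for y, m, d, ev in infer_years(text, report_date.year)
            if (m, d) == (report_date.month, report_date.day)
            and y < report_date.year]

if __name__ == "__main__":
    for year, event in stale_matches(SAMPLE_LOG, date(2008, 5, 28)):
        print(year, event)
```

A quiet period of more than a year leaves no backward jump in the timestamps, so inferred years are a lower bound on an entry's age; the RPM database's own install times are the independent cross-check.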