Woah... I just looked at /var/log/prelink.log, and every single file flagged by tripwire is also listed in the log. You may be on to something here, but then my question is, why now? The system's been up and running for a while now (a month at least) and only now does it start affecting them?Now, this doesn't have anything to do with the "prelink" routine that cron runs? Prelink changes file sizes and signitures but I don't know if it designed to hush up tripwire about these changes.
A preliminary test just done, shows that when I undo the prelink to one of the changed binaries, it reverts back to the original file size. Redoing the prelinking, and it goes back to the larger size. So maybe that's the answer, it's prelink doing this, and tripwire flagging them accordingly. So then the question still is: why now? Why not a week ago, or a month ago?
-- W | I haven't lost my mind; it's backed up on tape somewhere. +-------------------------------------------------------------------- Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6 http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
