I have a RH73 server that runs Tripwire on a nightly basis. I wrote a short Perl script that checks the signatures of the Tripwire binaries (twadmin, tripwire, and siggen) against their signatures that are stored on a read-only medium. These signatures were created when Tripwire was first installed a year ago. The server was up and running flawlessly for over 300 days until the other day when it crashed with nothing in the logs to show what happened. The next night I accidentally had yum updates started so it did a yum update and updated over 3500 files. It didn't touch the tripwire files, but for some reason the signatures on the Tripwire binaries changed. The files haven't been modified since 2002, according to the output of 'ls -l'. What would cause the signatures to change besides a hacker trying to cover up this tracks? Thanks, Chris -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
