On Wednesday 14 June 2006 19:40, John Ziniti wrote:
William Hooper wrote:
John Ziniti wrote:
I'm looking at some strange behavior on a _very_ barebones installation. I'd like to get some feedback on possible logical explanations.
- What I'm seeing: The md5sum of all of my binaries in
/usr/bin and /usr/sbin are changing exactly one hour after installation of CentOS-4.3.
man prelink
Aha! Well, the good news is that you are, of course, right and there is a logical explanation for this after all (Whew!).
The only bad news I guess, is that I've wasted so much time looking for a mysterious problem that isn't there :-/
Just for posterity, the following was what I used to verify that the changes were from prelinking:
# prelink --undo /usr/sbin/lsof # md5sum /usr/sbin/lsof
Maybe not quite helpful for setting up tripwire, but rpm -V can verify checksums on files (or more correctly on files belonging to rpm packages) even with prelink enabled.
Alternatively, if you havn't found it yet, prelink is disabled in /etc/sysconfig/prelink.
/Peter
The md5sum from that last command gave me the result I desired. Re-running prelink on /usr/sbin/lsof gives me the "foreign" md5sum again. I guess I'll just have to prelink from now on before I initialize tripwire.
Thanks a ton, William. If you're ever in Boston, I owe you a [ affordable beverage of your choice ].
- JZ