In short, the reason considering (and still only considering) turning it off is to make tripwire usable again (security vs. performance, I guess).
Is it possible to completely turn it off system-wide? Any additional steps needed on the existing system (that already have half of the binaries prelinked)?
What order of performance degradation to expect? If it is minor, nobody is going to cry about it. My old RH 7.3 systems don't have prelinking, and I don't see them being any slower than FC2 and newer systems that have prelinking...
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
alex@milivojevic.org wrote:
In short, the reason considering (and still only considering) turning it off is to make tripwire usable again (security vs. performance, I guess).
in /etc/sysconfig/prelink change PRELINKING to no
to undo the changes you can run `prelink -ua`
- KB
alex@milivojevic.org wrote:
In short, the reason considering (and still only considering) turning it off is to make tripwire usable again (security vs. performance, I guess).
I really don't have any answers to your questions concerning prelinking, but have you considered alternatives to tripwire, such as: * AIDE * Samhain * Osiris to name a few.
Last time I tried, these all worked with the latest *NIX, prelinking or no.
--Shawn
Quoting "Shawn M. Jones" smj@littleprojects.org:
I really don't have any answers to your questions concerning prelinking, but have you considered alternatives to tripwire, such as:
- AIDE
- Samhain
- Osiris
to name a few.
Last time I tried, these all worked with the latest *NIX, prelinking or no.
Last time I checked AIDE, it was real pain to configure (real mess), and I was never able to get it to check things I want it to check, and ignore others.
I'm looking at Samhain for last week or two, and it looks usable. I'll be giving it a try, probably. However, Samhain is calling "prelink --verify" for each binary to be able to compute/check hash. Which gives big performance degradation. Well, better than nothing, I guess.
I haven't got to Osiris yet...
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Thu, Jun 16, 2005 at 11:06:27AM -0500, alex@milivojevic.org wrote:
What order of performance degradation to expect? If it is minor, nobody is going to cry about it. My old RH 7.3 systems don't have prelinking, and I don't see them being any slower than FC2 and newer systems that have prelinking...
As I understand it, the biggest impact will be on startup times for big C++ applications -- KDE and Mozilla, maybe OpenOffice.org. I haven't tested extensively, but here we turn off prelinking for exactly this reason.
-
alex@milivojevic.org -
Karanbir Singh -
Matthew Miller -
Shawn M. Jones