[CentOS] Several files's checksum change without reason

kadafax

kadafax at gmail.com
Sat Aug 12 21:15:20 UTC 2006


William L. Maltby wrote:
> On Sat, 2006-08-12 at 19:10 +0200, kadafax wrote:
>   
>> Hi list,
>> I'm a bit worried here. On a server, Centos 4.3 fully-patched SELinux 
>> activated, Osiris (a decentralized scanner for files changes on distant 
>> servers) signaled me several changes on files who were not (at first 
>> sight) affected by a recent update (the list is below).
>> Is there a logic explanation for those changes to happen ? The "rpm -Va" 
>> command does not output md5sum change for those files.
>>     
>
> Date/time looks like it might be a cron scheduled event. My bet is
> prelink. Have you looked at the crontabs and/or logs?
>   
prelink appears there:
[root at server cron]# ll /etc/cron.daily/
total 76
lrwxrwxrwx  1 root root   28 Jun 29 20:27 00-logwatch -> 
../log.d/scripts/logwatch.pl
-rwxr-xr-x  1 root root  418 Feb 21  2005 00-makewhatis.cron
-rwxr-xr-x  1 root root  276 Feb 21  2005 0anacron
-rwxr-xr-x  1 root root  117 Mar 31  2005 epylog.cron
-rwxr-xr-x  1 root root  180 Aug 23  2005 logrotate
-rwxr-xr-x  1 root root 2133 Dec  1  2004 prelink
-rwxr-xr-x  1 root root  104 Jan  1  2006 rpm
-rwxr-xr-x  1 root root  121 Aug 22  2005 slocate.cron
-rwxr-xr-x  1 root root  286 Feb 21  2005 tmpwatch
-rwxr-xr-x  1 root root  158 Feb 18 15:38 yum.cron

Nothing in logs ( grep cron /var/log/messages*)

Is it possible for a cron job to modify binary's checksum and inode ?

>   
>> <snip>^2
>>     
>
>   




More information about the CentOS mailing list