Bill Campbell wrote: > On Thu, Sep 13, 2007, Feizhou wrote: >>>> I have seen vi do this action when it didn't understand a keycode on teh >>>> terminal you are using properly... change the case of a few letters next >>>> to the cursor. But IIRC that was busybox vi. >>>> >>>> Is it crazy to propose someone opened /etc/passwd in vi, and saved it >>>> out without noticing this had happened? >>>> >> If you suspect your box has been rooted, then perhaps it is time to do >> some checking. >> >> rpm -Va > > Unfortunately that isn't much use if you're running the default > system with prelink as it changes large numbers of executables > rendering the RPM verify close to useless. > Eh? I thought it can figure out prelink's activity too? Has something changed?