[CentOS] samba & samba-common installed then erased, but by whom?
Ned Slider
ned at unixmail.co.uk
Fri May 16 15:59:38 UTC 2008
Johnny Tan wrote:
> I saw this in Logwatch today for one of my servers:
>
> --------------------- yum Begin ------------------------
>
>
> Packages Installed:
> samba-common.i386 3.0.23c-2.el5.2.0.2
> samba.i386 3.0.23c-2.el5.2.0.2
>
> Packages Erased:
> samba-common
> samba
>
> ---------------------- yum End -------------------------
>
> No one, including myself, has even logged into this box in the past few
> days (verified by asking the only other two people who have access and
> also looking at the last & secure logs).
>
> And neither /var/log/yum.log nor /var/log/rpmpkgs shows samba at all
> being installed/erased/present.
>
> I ran both chkrootkit and rkhunter, and both turned up clean.
>
> Since this box is behind a firewall with only a few IPs given access to
> it, I'm thinking that it's not been rooted, but I can't seem to find any
> other explanation for this.
>
> The only thing that runs on this server is httpd and jetty. Everything
> else is done manually including yum updates. And nothing that runs on
> this machine would ever need samba.
>
> Has anyone ever encountered something like this?
>
> johnn
If I may refer you to this thread, I believe your observations are
similar to mine earlier this month:
http://lists.centos.org/pipermail/centos/2008-May/098839.html
and the cause is likely similar. Checking /var/log/yum.log for entries from 1
year ago should confirm this.
Regards,
Ned
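
An added example, not part of the original post and not code from Logwatch or yum: one way to run the check suggested above, under the assumption that the report selected yum.log entries by month and day only. yum.log timestamps carry no year, so the code infers each entry's year by walking back from the file's modification time; the log lines, the modification time and the function names are constructed for illustration.

```python
from datetime import date, datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample in yum.log's layout: month, day, time, action, package (no year).
SAMPLE_YUM_LOG = """\
May 15 09:12:44 Installed: samba-common.i386 3.0.23c-2.el5.2.0.2
May 15 09:12:51 Installed: samba.i386 3.0.23c-2.el5.2.0.2
May 15 09:20:03 Erased: samba-common
May 15 09:20:03 Erased: samba
Nov 02 14:01:10 Updated: examplepkg-a.i386 1.0-1
Mar 28 11:45:30 Updated: examplepkg-b.i386 2.0-1
"""

def assign_years(log_text, last_write):
    """Walk the log newest-first; last_write is the file's mtime (no entry is newer)."""
    bound, year, dated = last_write, last_write.year, []
    for line in reversed(log_text.splitlines()):
        if not line.strip():
            continue
        mon, day, clock, action, pkg = line.split(None, 4)
        h, m, s = map(int, clock.split(":"))
        while True:
            try:
                ts = datetime(year, MONTHS[mon], int(day), h, m, s)
            except ValueError:          # e.g. Feb 29 tried in a non-leap year
                ts = None
            if ts is not None and ts <= bound:
                break
            year -= 1                   # entry must belong to an earlier year
            if year < last_write.year - 50:
                raise ValueError("cannot date line: " + line)
        bound = ts
        dated.append((ts, action.rstrip(":"), pkg))
    return dated[::-1]

def stale_matches(dated, report_day):
    """Entries a month/day-only match would report although the year differs."""
    return [e for e in dated
            if (e[0].month, e[0].day) == (report_day.month, report_day.day)
            and e[0].year != report_day.year]

if __name__ == "__main__":
    dated = assign_years(SAMPLE_YUM_LOG, datetime(2008, 3, 28, 12, 0, 0))
    for ts, action, pkg in stale_matches(dated, date(2008, 5, 15)):
        print(ts.isoformat(sep=" "), action, pkg)
```

On a real host the same functions take the contents of /var/log/yum.log (and any rotated copies) and the file's modification time in place of the constructed values.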