Johnny Tan wrote:
> I saw this in Logwatch today for one of my servers:
>
> --------------------- yum Begin ------------------------
>
>
> Packages Installed:
> samba-common.i386 3.0.23c-2.el5.2.0.2
> samba.i386 3.0.23c-2.el5.2.0.2
>
> Packages Erased:
> samba-common
> samba
>
> ---------------------- yum End -------------------------
>
> No one, including myself, has even logged into this box in the past few
> days (verified by asking the only other two people who have access and
> also looking at the last & secure logs).
>
> And neither /var/log/yum.log nor /var/log/rpmpkgs shows samba at all
> being installed/erased/present.
>
> I ran both chkrootkit and rkhunter, and both turned up clean.
>
> Since this box is behind a firewall with only a few IPs given access to
> it, I'm thinking that it's not been rooted, but I can't seem to find any
> other explanation for this.
>
> The only thing that runs on this server is httpd and jetty. Everything
> else is done manually including yum updates. And nothing that runs on
> this machine would ever need samba.
>
> Has anyone ever encountered something like this?
>
> johnn

If I may refer you to this thread, I believe your observations are similar to mine earlier this month:

http://lists.centos.org/pipermail/centos/2008-May/098839.html

and the cause is likely similar. Checking /var/log/yum.log for entries 1 year ago should confirm this.

Regards,
Ned
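The check suggested in the reply above, as an added example that is not part of the original thread: it infers a year for each yum.log entry and lists the ones that fall on the report's month and day but in an earlier year. It assumes yum.log timestamps carry no year and use the `Mon DD HH:MM:SS Action: package` layout (the thread does not show the file); the sample log, its dates, and the function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample. Assumed layout: "Mon DD HH:MM:SS Action: package", no year.
SAMPLE_LOG = """\
May 27 03:10:11 Installed: samba-common.i386 3.0.23c-2.el5.2.0.2
May 27 03:10:15 Installed: samba.i386 3.0.23c-2.el5.2.0.2
May 27 04:02:40 Erased: samba-common
May 27 04:02:41 Erased: samba
Nov 03 11:20:05 Updated: example-pkg.i386 1.0-1
May 20 09:14:52 Updated: example-pkg.i386 1.1-1
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE_RE = re.compile(
    r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) (Installed|Updated|Erased): (.+)$")

def assign_years(text, newest_year):
    """Return (year, month, day, action, package) per entry, oldest first.

    The log is append-only, so walking back from the newest line, a
    timestamp that sorts later than the entry after it belongs to the
    previous year.
    """
    rows = [m.groups() for m in map(LINE_RE.match, text.splitlines())
            if m and m.group(1) in MONTHS]
    year, later, dated = newest_year, None, []
    for mon, day, clock, action, pkg in reversed(rows):
        key = (MONTHS[mon], int(day), clock)
        if later is not None and key > later:
            year -= 1
        later = key
        dated.append((year, key[0], key[1], action, pkg))
    return dated[::-1]

def stale_matches(text, report_day):
    """Entries on the report's month/day that were logged in an earlier year."""
    return [e for e in assign_years(text, report_day.year)
            if e[1:3] == (report_day.month, report_day.day)
            and e[0] < report_day.year]

if __name__ == "__main__":
    for entry in stale_matches(SAMPLE_LOG, date(2008, 5, 27)):
        print(entry)
```

The year inference treats the newest line as belonging to the report's year and cannot see a gap of more than twelve months with no entries, so confirm any hit against the package database (for example `rpm -qa --last`) before closing the investigation.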