[CentOS] Files being modified in /bin/

Mon Sep 26 13:44:22 UTC 2011
Micky L Martin <mickylmartin at gmail.com>

So apparently prelink was running.
I disabled it in /etc/sysconfig/prelink and ran 'prelink -ua' to undo the
linking.

I just stumbled upon a document (attached) describing how Linux used to have
a.out  <http://en.wikipedia.org/wiki/A.out> and now the ELF.

Though I never knew that prelink actually modifies the files and thought of
it as a cache library or something. Literally modifies!!

So, I assume the problem is solved as ls seems to have reverted back but if
not then it may be an LKM kit :|






On Mon, Sep 26, 2011 at 6:29 AM, Rob Kampen <rkampen at kampensonline.com>wrote:

> Jeremy Sanders wrote:
>
>> Micky L Martin wrote:
>>
>>
>>
>>> Because rpm and rpmverify also seemed to have been modified so I cannot
>>> trust 'rpm -V' package verification.
>>>
>>> Already did lsof and process tracing but to no avail. Does anyone have
>>> any
>>> idea how to find that culprit?
>>>
>>>
>>
>> Are you sure it's not prelink that's modifying the files? You can google
>> how to disable this.
>>
>>
> Any comments or thoughts from the list as to the benefit of prelink?
> does the system performance change if this is disabled?
> It causes issues with aide also.
>
>  Boot from a CD to check the checksums or run rpm if you want a clean
>> environment.
>>
>> Jeremy
>>
>>
>> ______________________________**_________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/**mailman/listinfo/centos<http://lists.centos.org/mailman/listinfo/centos>
>>
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110926/0c8a2232/attachment-0005.html>