What to do when rpm verification fails
Matthew Miller
mattdm at mattdm.org
Fri Jul 7 16:45:40 UTC 2006
On Fri, Jul 07, 2006 at 05:29:40PM +0100, T. Horsnell wrote:
> S.5....T messages (accompanied by sporadic bursts of prelink
> activity but no error msgs - is this initiated by rpm if it thinks
> there is a problem?). I wrote a little script to 'rpm -V'
prelink changes files, altering their md5sums. rpm has to unprelink each
binary in order to compute its original checksum. For this reason, since
transparency/security is more important to us than the slight speed
increase, we turn off prelink by default here at BU.
> 2. almost all the entries with S.5... have a .T on the end,
> and that those entries are in an rpm for which all entries
> have a .T This suggests to me that there has been some sort
> of package upgrade which is not being taken into account
> during the verify.
>
> Looks like *something* is wrong, but quite what, I dont know.
If the RPM database got corrupted, you could see this sort of problem.
Something could have broken with prelink -- that would definitely cause it.
Alternately, someone could have broken into your system and replaced the
binaries. Or -- unlikely but possible -- you could have a virus.
Did you try the suggestion of running chkrootkit?
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-list
mailing list