On Wed, Nov 4, 2009 at 4:56 PM, Michael ODonnell <michael.odonn...@comcast.net> wrote: > ...so that system seems to have suffered disk corruption or compromise ...
Certainly some kind of corruption or compromise. There are other kinds of corruption beyond a bad disk, though. Logical corruption in the filesystem doesn't need to be due to a bad disk, for example. Although your symptoms don't seem indicate that. Do these various "corrupt" binaries actually seem to work? I'm wondering if, somehow, an RPM transaction didn't commit properly. Maybe RPM thinks it updated the binaries, and so updated the database, but the binaries are still old. Or maybe RPM updated the binaries but failed to update the database. In the past, RPM went to great lengths to prevent that from happening, and it usually succeeded. But I think some kind of software rot has set in against those features, because they don't seem to work as well as they used to. I know I've aborted yum in the past and had it leave the system in an inconsistent state (!!). If you suspect that might be it, one way to "fix" it might be to reinstall every package on the system. I believe the following would do that: yum reinstall $( rpm -qa --qf '%{name}\n' ) Note that I haven't ever tried or tested that. :) > I'm assuming the former given the large number of affected files ... Not just the number, but the pattern. Lots of those have nothing to do with any of the usual things attackers are interested in. They like to do things like modify rm and ls and passwd and such to hide their tracks and/or prevent you from kicking them off. Your list looks far too non-selective for it to be that. I suppose if it was a traditional computer virus that would also explain it, but viruses are really out of vogue these days. It's all worms, rootkits, and trojans. -- Ben _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/