Hi John, Thank you for elaborating.
I read the web page you suggested, and then some related info. The "prelink" package is not installed on the debian based system that rkhunter reported changed inodes for. However, debian is run as a virtual private server (VPS) under a hypervisor named "Virtuozzo". If I understand correctly, the hypervisor can share the directory containing the files with changed inodes (/sbin) with other VPSes. However, I've installed packages that put files in /sbin, so it's not clear to me what the hypervisor really does. I'll ask the hosting company if the hypervisor runs prelink. Thank you for your thoughts. Kingsley On 09/20/11 10:59, John Horne wrote: > On Sat, 2011-09-17 at 11:56 -0700, Kingsley G. Morse Jr. wrote: > > Hello John, > > > > I considered your suggestion. > > > > Is your understanding that "prelinking" links > > programs to libraries? > > > > If so, please elaborate on how linking might > > change a file's inode. > > > See: http://en.wikipedia.org/wiki/Prelink > > As far as I remember prelinking is forced every couple of weeks on > RedHat systems (no idea about other systems). As such the inodes will > change every so often. > > > > John. > > -- > John Horne, University of Plymouth, UK > Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
