Monday, 14 December 2009

AIDE/tripwire and prelink issue

How I discovered, both file integrity checking programs have issue with files changed by prelink. I have found the only option is to disable prelink in /etc/sysconfig/prelink file by changing
PRELINKING=yes to
PRELINKING=no
but I'm not sure that this is the best way. Other solution is to run
prelink -a
before make initial aide or tripwire databases, but prelink usually run every night (check /etc/cron.daily) and I have to know which updates (not packages itself, it is obvious, but shared libraries) force prelink to change many binary files again...

Life is full of compromises...

No comments: