The ctime of seemingly random binary files changes on a regular basis. If third-party security monitoring software such as tripwire is used to monitor binary files, it will report files operated on by the prelink command as having been changed, thus requiring follow-up auditing to determine the cause.
```
[root@server ~]# ls -l /sbin/mount.vmhgfs
-r-xr-xr-x 1 root root 57736 Jun  6 19:02 /sbin/mount.vmhgfs
[root@server ~]# ls -lc /sbin/mount.vmhgfs
-r-xr-xr-x 1 root root 57736 Jun 13 03:29 /sbin/mount.vmhgfs
```

```
[root@rhel01 ~]# stat /usr/bin/pr
  File: `/usr/bin/pr'
  Size: 64304       Blocks: 128        IO Block: 4096   regular file
Device: 801h/2049d  Inode: 663739      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-06-17 13:18:02.000000000 -0400
Modify: 2014-03-05 07:21:43.000000000 -0500
Change: 2014-06-17 13:18:02.145999944 -0400
```
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
- prelink package
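
A triage helper for files an integrity monitor has flagged, added here as an example and not taken from the original article: it reports ELF files whose ctime is newer than their mtime, the pattern visible in the ls and stat output above. The function names are hypothetical, and the optional `prelink --verify --md5` step assumes the prelink package is installed.

```bash
#!/bin/bash
# Added example (hypothetical helper names). Assumes GNU stat/head/od, as on RHEL.
# prelink operates on ELF binaries and libraries; the output above shows such a
# file with its mtime unchanged while its ctime has moved.

# is_elf FILE: true if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 -- "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# classify FILE: print one verdict for a file the monitor reported as changed.
#   prelink-candidate  ELF file, ctime newer than mtime (consistent with prelink)
#   ctime-only         not ELF, ctime newer than mtime (chmod, chown, rename, ...)
#   content-written    ctime not newer than mtime: does not fit the prelink pattern
#   missing            path does not exist
classify() {
    local f=$1 mtime ctime
    [ -e "$f" ] || { echo missing; return; }
    mtime=$(stat -c %Y -- "$f")   # seconds since epoch, last content write
    ctime=$(stat -c %Z -- "$f")   # seconds since epoch, last inode change
    if [ "$ctime" -le "$mtime" ]; then
        echo content-written
    elif is_elf "$f"; then
        echo prelink-candidate
    else
        echo ctime-only
    fi
}

# triage FILE...: classify each file; where prelink is installed, confirm a
# candidate with "prelink --verify --md5", which exits 0 and prints the MD5 of
# the un-prelinked original only if the file is an unmodified prelinked copy.
triage() {
    local f verdict
    for f in "$@"; do
        verdict=$(classify "$f")
        printf '%-18s %s\n' "$verdict" "$f"
        if [ "$verdict" = prelink-candidate ] && command -v prelink >/dev/null 2>&1; then
            prelink --verify --md5 "$f" || echo "  prelink verify FAILED: $f"
        fi
    done
}

if [ "$#" -gt 0 ]; then triage "$@"; fi
```

A prelink-candidate verdict is only a lead, since timestamps can be set by anyone with write access to the file; the verify step or a comparison against package digests is what closes the finding.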