mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Hello,

we run the rookit hunter daily on our machine, and today we got this report:
Code:
/usr/sbin/prelink: /bin/more: at least one of file's dependencies has changed since prelinking

 /bin/more  [ BAD ]
is this something to be concerned about, haven't seen this one before. We did run the "rookit --update" also, but got the same report afterwards.

Update:
Found the problem from the FAQ's had to do with the prelink out of sync, which fixed it.


TIA,
Mickalo
 
Last edited:

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,466
31
473
Go on, have a guess
It's quite common, especially on a new OS install or a major OS update. For anyone else who finds the thread, this will usually fix it:

prelink -ua
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Yup, that's it :)
is that the same as running /etc/cron.daily/prelink as recommended by the RootKit Hunter people ?? they also have small utility script that also runs called "hashupd.sh"
that is suppose to "fix local MD5 hash values" that the rootkit hunter uses, that's if your fimilar with this rootkit hunter utility.

Mickalo
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,466
31
473
Go on, have a guess
No, prelink -ua will remove the prelinks. The daily job will update existing ones and create new ones for those that have been removed. However that sometimes gets out of sync (AIUI) and removing the prelinks gets you back to a clean state.