(actually using 0.15-1, but couldn't select from dropdown)
There is code in aide to be able to verify the contents of prelinked files. That seems to work well, and I am glad to see the support for it. However, a side effect of this code (at least on CentOS 6) is that the directories that contain prelinked files get modified in the process. So every time you check the filesystem with aide, you are changing the modtimes of a large number of directories (like /bin, /sbin, /usr/bin, etc.)
"prelink --verify" writes a temporary file to the directory containing the binary to be verified. The file is removed, but of course, this causes the directory's mtime to change.
My solution is to copy the binary to a temp file first before running "prelink --verify" on the file. I won't claim my code is the best -- I don't do much C coding these days. I use hard-coded temp filename (I could have used tmpnam(), but that would have resulted in a huge number of files being created, since there's not really an easy way to clean up the files).
I won't be offended if somebody wants to take my idea and build a better solution from scratch. But the bottom line is that this version of aide is not usable if you're running prelinker.
Log in to post a comment.