[Wylug-help] avahi-autoipd
Roger
roger at roger-beaumont.co.uk
Thu May 7 13:30:01 UTC 2009
John Hodrien wrote:
> On Wed, 6 May 2009, Roger wrote:
<snip>
>> Does this mean I may be safe?
> I'd say so (although I've not got a Fedora 10 box to hand to be specific).
CentOS rather then F10, but still Red Hat...
> As a hunch, try:
>
> rpm -qi $(rpm -qf /etc/init.d/avahi-autoipd)
>
> I reckon that'll show an rpm that was installed on the day you say. Maybe
> not, as I'm guessing at what the service is called.
The same Logwatch report that frightened me contains:
--------------------- yum Begin ------------------------
Packages Installed:
perl-Convert-ASN1 - 0.20-1.1.noarch
avahi-compat-libdns_sd - 0.6.16-1.el5_2.1.x86_64
...
--------------------------------------------------------
In addition:
rpm -qi $(rpm -qf /etc/init.d/avahi*)
reported that avahi was built by CentOS, so it seems legit.
> Here's how I interpreted it:
>
>>>> --------------------- Connections (secure-log) Begin ------------------
>>>>
>>>> New Users:
>>>> avahi-autoipd (100)
>>>>
>>>> New Groups:
>>>> avahi-autoipd (101)
>
> I'm guessing a package got installed, and the package created a user and group
> for the service it's deploying.
>>>> Userhelper executed applications:
>>>> root -> system-config-services as root: 2 Time(s)
>
> Then the rpm will have triggered a postinstall script that enabled itself.
>
>>>> root -> pup as root: 1 Time(s)
>
> Isn't pup the update tool or similar in F10?
I've just checked; pup is a front-end for yum, so effectively, yes.
It all seems coherent - and that the only danger is my ignorance. Still
there's a little less of that now!
Thanks a lot for reassuring me, John.
Roger
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the Wylug-help
mailing list