Saul Arias wrote: > > Of course - that only works if some joker didn't uninstall that RPM :-) > > If /etc/redhat-release was edited and the redhat-release rpm was > uninstalled, I wouldn't worry about what Red Hat version I'm running. I > would do a format and reinstall.
Not if you held the RHCE title. We're "taught" that reinstalling (also known as the newbies way out) is not an option (unless of course you suspect a compromise) :-) There may be reasons why users would remove this package (or the files) if you were building a minimal machine acting as say a firewall or router and didn't want to give away the release version at a login prompt. Those machines would probably be running tripwire of course so it would be obvious if the change was intentional or otherwise. There are other ways to determine the release. Certain RPM versions are only included with certain Red Hat releases. Take a sampling of rpm -qa and compare it to rpmfind.net. Of course, it could also be a compromise (though why would a hacker remove that?). Now if you suspected a compromise, format and install away! -Rick (who's trying to rid the world of "reformatters and reinstallers when something just doesn't work quite right" admins) -- Rick Johnson, RHCE - [EMAIL PROTECTED] Linux/WAN Administrator - Medata, Inc. (from home) PGP Key: https://mail.medata.com/pgp/rjohnson.asc -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
