We added a couple of new boxes running CentOS 6 here at Hagen Hosting. They generally work really nicely, but I’ve been having this ongoing fight with AIDE and prelink.
Prelink seems like a good idea because it reduces the chance of an exploit working, but the honest truth is that it is annoying, potentially troublesome in terms of legal issues and security. Moreover, from what I read, prelink doesn’t add much extra security.
I find it particularly annoying when prelink runs each week and I’m confronted with the output from AIDE saying a bunch of files have changed. It would take hours to compare them all to see if they had changed because of an intrusion so I have to assume that they have changed because of prelink because they are listed in the prelink logs and timestamps match. But, you know, it just doesn’t feel secure.
Moreover, prelink has become very annoying because for some reason that I have yet to work out, each night it keeps prelinking the same set of files. A few are compiled-from-source programs (like Apache), but some are standard libs.
To get it to stop I had to run prelink on those files manually and keep re-running it until it stopped saying that some of the files needed prelinking.
However, after a valiant attempt I’ve realised that prelink is just causing too many headaches and so I took the ultimate step — to disable it.
To disable prelink edit
Sometime in the next few days it will run prelink -ua to undo the pre-linking on all files then I’ll be done with it and the only changes to the system will be updates (or bad stuff :-)
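
The manual cross-check described above (AIDE's changed files against the prelink log) can be scripted so that only the files prelink did not touch are left for review. This is an added example, not the author's script; the function names, the report and log line formats, and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed line formats (samples are
# constructed): AIDE reports "changed: /path"; prelink logs "Prelinking /path".

# Paths AIDE reports as changed.
aide_changed() {
    sed -n 's|^changed: \(/.*\)$|\1|p' "$1" | LC_ALL=C sort -u
}

# Paths the prelink log says were prelinked.
prelinked() {
    sed -n 's|^Prelinking \(/.*\)$|\1|p' "$1" | LC_ALL=C sort -u
}

# Changed files with no prelink log entry: these need manual review.
unexplained() {
    tmp=$(mktemp) || return 1
    prelinked "$2" > "$tmp"
    # -F fixed strings, -x whole line, -v invert: keep paths absent from the log
    aide_changed "$1" | { grep -Fxv -f "$tmp" || true; }
    rm -f "$tmp"
}

# Run the check on constructed sample data.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/aide.txt" <<'EOF'
Summary:
  Total number of files: 48211
Changed files:
changed: /usr/sbin/httpd
changed: /lib64/libc-2.12.so
changed: /usr/bin/passwd
changed: /etc/hosts
EOF
    cat > "$dir/prelink.log" <<'EOF'
Prelinking /lib64/libc-2.12.so
Prelinking /usr/sbin/httpd
Prelinking /usr/bin/sudo
EOF
    unexplained "$dir/aide.txt" "$dir/prelink.log"
    rm -rf "$dir"
}

demo
```

A match in the log only shows that prelink touched the file, not that prelink was the only thing that changed it.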