I run ancient old tripwire nightly on my machines.  Yesterday, on my
SL4.4 laptop, I noticed that it had found changes to  "vipw" and other
security related tools.  A little concerned, I downloaded the latest
version of chkrootkit and ran it, finding no problems.  I looked at
the yum logs, and found a yum upgrade of util-linux from sl-errata;
the header file shows that vipw and the rest had been updated. 

False alarm, I am probably safe, assuming no outbreak of evil at SL or
TUV (=The Upstream Vendor in North Carolina, for those wondering).

I will react similarly if I ever see a change of the basic security
programs.  Is there anything else a prudent administrator should check
when these programs change?  

Keith

-- 
Keith Lofstrom          [log in to unmask]         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs