I run ancient old tripwire nightly on my machines. Yesterday, on my SL4.4 laptop, I noticed that it had found changes to "vipw" and other security related tools. A little concerned, I downloaded the latest version of chkrootkit and ran it, finding no problems. I looked at the yum logs, and found a yum upgrade of util-linux from sl-errata; the header file shows that vipw and the rest had been updated. False alarm, I am probably safe, assuming no outbreak of evil at SL or TUV (=The Upstream Vendor in North Carolina, for those wondering). I will react similarly if I ever see a change of the basic security programs. Is there anything else a prudent administrator should check when these programs change? Keith -- Keith Lofstrom [log in to unmask] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs