yum installing packages all by itself - normal or security issue?
Occasionally, I will get the following in my logwatch file (this is from yesterday, and I did not login yesterday):
--------------------- yum Begin ------------------------
Packages Installed:
sendmail-cf - 8.14.2-1.fc8.i386
---------------------- yum End -------------------------
I am the only one with an account on this LAMP server, so I would be the only one to install packages or perform any sort of update. Does anyone have any idea if it's possible that this package is updating itself? It seems suspect because if my server has been hacked, chances are it's some spammer looking to use my server to forward mail.
I have not logged into the server for several days, so I know I couldn't have even accidentally updated sendmail. Could someone give me some help as to how to figure out if I have been hacked? I've done the obvious - checked previous login attempt logs - nothing is there.
[root@myserver ~]# uname -or
2.6.25.14-69.fc8 GNU/Linux
Thanks in advance for any help.
|