Occasionally, I will get the following in my logwatch file (this is from yesterday, and I did not login yesterday):

--------------------- yum Begin ------------------------


Packages Installed:
sendmail-cf - 8.14.2-1.fc8.i386

---------------------- yum End -------------------------


I am the only one with an account on this LAMP server, so I would be the only one to install packages or perform any sort of update. Does anyone have any idea if it's possible that this package is updating itself? It seems suspect because if my server has been hacked, chances are it's some spammer looking to use my server to forward mail.

I have not logged into the server for several days, so I know I couldn't have even accidentally updated sendmail. Could someone give me some help as to how to figure out if I have been hacked? I've done the obvious - checked previous login attempt logs - nothing is there.

[root@myserver ~]# uname -or
2.6.25.14-69.fc8 GNU/Linux

Thanks in advance for any help.

It is very unlikely that a Fedora 8 system will update itself, just because Fedora 8 is way out of date and not been supported for a long time. There simply are no updates to apply to the system. I would strongly recommend to install a supported version of any distro, Fedora 8 has well known security issues that will never be fixed.

I'm always interested in dissecting a (perceived) compromised system however in this case I agree. The OP might learn where things went belly up but in the end that will be an exercise in futility as there's no compelling reason a Fedora 8 system should be re-installed (let alone be restored) and be allowed on the 'net again. The suggestion is to only backup files the OP can verify origin and modifications of.