I installed "check-packages" on our RH Linux 5.1 machine a few weeks ago. Last night I got the following message: --------------------------- check-packages run on Mon Jun 29 04:02:18 EST 1998 Listing installed packages... 376 packages installed changes from previous run... --- --- Checking Packages... changes from previous run... --- 95c95 < missing /dev/printer --- > ..5....T /dev/printer 109c109 < .M....G. /dev/ttyp0 --- > .M...U.. /dev/ttyp0 --- runtime 1585 seconds --------------------------------- (If you haven't heard of "check-packages", all it is a handy script that runs a "rpm -Va" every night and emails you a summary of its findings, somewhat like a Redhat specific TripWire) I had never seen any entries regarding /dev/printer before, and it seemed rather odd that it as listed as missing and then as failing the MD5 checksum and Timestamp check. I went in and took a look at /dev/printer: [root@wtlinux:/root]$ ls -l /dev/printer srw------- 1 root root 0 Jun 28 22:54 /dev/printer= So somehow /dev/printer had been changed into a socket file. I reinstalled the dev-2.5.9-1 RPM and it installed a /dev/printer that was a named-pipe. When I rebooted the server, /dev/printer was back to a socket file. Should I suspect this as the work of a hacker, or is there some other explanation? Thanks, -Brian PS Please CC me as I don't subscribe to the list. Thanx. -- PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.