I did updates from your repository yesterday: psa-proftp, mysql, and today i get this message from my rkhunter scan


Warning: Users have been added to the passwd file:
snortd:x:62:62:Snort Daemon:/var/lib/snort:/sbin/nologin
Warning: Groups have been added to the group file:
snortd:x:62:


What is that? Is this something bad? I didn't put this there, so could it be some kind of snoop?

Snort (www.snort.org) is a network based intrusion detection system. You might wanna check your yum logs to see how you got that installed

got it from art. guess i did not check what was being installed.

May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64


So, i assume if from you that all is well. Correct. Therefore i should go ahead and configure? Is this something you recommend?

That would indicate to me that something else you had on the system has installed it as a dependency. Prelude perhaps, etc. Anyway, I cant really say yes or no here, this is one of those "it depends" things.