Verifying Package Integrity

The -V operation verifies a package—it checks various pieces of information concerning the package's files and compares them to information stored in the RPM database. The result looks something like this:

Only files that differ from the original in some way are reported. The first eight characters are a code for the differences—a period (.) means that a feature hasn't changed, but an alphanumeric code indicates that it has changed. Specifically, the fields are the size (S), permissions (mode; M), Message Digest 5 (MD5; 5) sum, device numbers (D), readlink path mismatch (L), user ownership (U), group ownership (G), and time stamp (T). If a c appears after this eight-character string, the file is a configuration file. Changes in configuration files are not uncommon, but changes in other file types could spell trouble, such as disk errors, filesystem bugs, or security problems.

Tip: RPM wasn't intended as a security tool, but it can serve as a check of system integrity in a pinch. RPM isn't entirely reliable in this function, though—an intruder need only install a package using RPM to make it useless as a test. Chapter 21, "Detecting Intruders," includes information on far better intrusion-detection tools.

You can check the integrity of all the packages on your system by typing rpm -Va. Unfortunately, changes in some files—even some nonconfiguration files—are perfectly normal. Therefore, this command will produce a lot of output, making it hard to determine which deviations are important and which are not.
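An added example (not from the original text): a Python filter that decodes the eight-character codes described above and sorts rpm -Va output so that changed non-configuration files stand out from the expected noise. The sample lines, the function names, and the triage policy are constructed assumptions, and the result is only as trustworthy as the RPM database it is compared against.

```python
import re
import sys

# The eight code letters, in the order the text lists them.
FLAGS = {
    "S": "size", "M": "mode", "5": "MD5 sum", "D": "device numbers",
    "L": "readlink path", "U": "user", "G": "group", "T": "time stamp",
}
# Eight-character code, optional "c" marker for configuration files, then the path.
LINE = re.compile(r"^(?P<code>[SM5DLUGT.?]{8})\s+(?P<cfg>c\s+)?(?P<path>/.*)$")

# Constructed sample of rpm -Va output (not taken from a real system).
SAMPLE = """\
S.5....T c /etc/inittab
.......T   /usr/share/doc/example/README
S.5....T   /usr/bin/example
.M...UG.   /usr/sbin/exampled
"""

def parse(line):
    """Decode one report line; return None for lines in any other format."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    changed = [FLAGS[ch] for ch in m["code"] if ch in FLAGS]
    return {"path": m["path"], "config": bool(m["cfg"]), "changed": changed}

def triage(text):
    """Assumed policy: config files and time-stamp-only changes are routine;
    any other change to a non-configuration file goes to 'review'."""
    buckets = {"review": [], "config": [], "low": []}
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["config"]:
            key = "config"
        elif set(rec["changed"]) <= {"time stamp"}:
            key = "low"
        else:
            key = "review"
        buckets[key].append((rec["path"], rec["changed"]))
    return buckets

if __name__ == "__main__":
    # Pipe real output in (rpm -Va | python3 thisfile.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for path, changed in triage(text)["review"]:
        print(f"REVIEW {path}: {', '.join(changed)}")
```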
