Tech Tip: Determining What's Been Changed on RPM Based Systems
As a consultant, I am often faced with an unfamiliar Linux system (usually RHEL). I always find it useful to understand which files that shipped with rpm packages have been modified, since it's usually a good indicator of what customizations have been performed on the system. To determine the modified files, I simply run:
% rpm -qa | xargs rpm --verify --nomtime | less # Sample output: missing /usr/local/src .M...... /bin/ping6 .M...... /usr/bin/chage .M...... /usr/bin/gpasswd ....L... c /etc/pam.d/system-auth .M...... /usr/bin/chfn .M...... /usr/bin/chsh S.5..... c /etc/rc.d/rc.local S.5..... c /etc/sysctl.conf S.5..... c /etc/ssh/sshd_config S.5..... c /etc/updatedb.conf
The following is taken from the rpm man pages (Verify Options section):
c %config configuration file. d %doc documentation file. g %ghost file (i.e. the file contents are not included in the package payload). l %license license file. r %readme readme file. S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mismatch L readLink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs
Using this trick, I can quickly determine what configuration files have been modified as well as any metadata modifications (ownership, link etc.).
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
- Python Scripts as a Replacement for Bash Utility Scripts
- Cluetrain at Fifteen
- Considering Legacy UNIX/Linux Issues
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Putlocker!! Watch Begin Again Online 2014 Streaming Full Movie
- Memory Ordering in Modern Microprocessors, Part I
- Getting Good Vibrations with Linux
- Security Hardening with Ansible
- New Products
- Cooking with Linux - Serious Cool, Sysadmin Style!