Verifying a package compares information about the installed files in the package with information about the files taken from the original package and stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepancies are displayed. The package specification options are the same as for package querying.
Verifying RPMs is one way to determine what changes may have been made to a system after a security breach. The form this takes is:

    root@localhost # rpm -Va

This will report all changes to files since the original installation of packages. It requires some knowledge of the system to interpret, since many of the configuration files are changed immediately after an install. Files that were not installed from the package, for example documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.
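Because changed configuration files are often normal, a first pass over the report can separate them from changed non-configuration files. The following is an added example, not part of the original page: it assumes each report line is an 8-character attribute string, an optional "c" for a configuration file, then the file name, and the function names and sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): triage of `rpm -Va` output.
# Assumed line layout: an 8-character attribute string, an optional "c"
# marking a configuration file, then the file name.

# triage_rpm_verify reads a verify report on stdin and tags each line:
#   REVIEW  failed test on a non-configuration file (look at these first)
#   CONFIG  failed test on a configuration file (often a normal local edit)
#   OTHER   line that does not start with an 8-character attribute string
triage_rpm_verify() {
    awk '
    {
        line = $0
        attrs = $1
        if (length(attrs) != 8) {              # not an attribute string
            print "OTHER\t" line
            next
        }
        rest = line
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)  # drop the attribute field
        kind = "REVIEW"
        if (rest ~ /^c[ \t]+\//) {             # optional config marker
            kind = "CONFIG"
            sub(/^c[ \t]+/, "", rest)
        }
        print kind "\t" attrs "\t" rest        # file name may contain spaces
    }'
}

# review_files prints only the non-configuration files that failed a test.
review_files() {
    triage_rpm_verify | awk -F '\t' '$1 == "REVIEW" { print $3 }'
}

# Constructed sample report (hypothetical paths and results).
sample_report() {
    cat <<'EOF'
S.5....T c /etc/inittab
S.5....T   /bin/login
.M......   /usr/bin/passwd
missing    /usr/share/doc/example/README
......G. c /etc/sysconfig/my app.conf
EOF
}

sample_report | triage_rpm_verify
```

On a live system the same functions take the real report on stdin, for example `rpm -Va | review_files`.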
The format of the output is a string of 8 characters, a possible "c" denoting a configuration file, and then the file name. Each of the 8 characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single "." (period) means the test passed. The following characters denote failure of certain tests: