verify installed files
Jeff Johnson
n3npq at mac.com
Sun Nov 11 21:18:41 PST 2007
On Nov 11, 2007, at 11:54 PM, Max Waterman wrote:
> Hi,
>
> I am trying to use rkhunter, which checks for root kits, and part
> of it's functionality requires the constructions of a table of
> hashes for each file on the system.
>
> However, before that is done, it is necessary to verify that the
> files are the same as the originals.
>
> Apparently, this can be done with a package manager, but I don't
> see such an option with smart. Could someone enlighten me?
>
If on a rpm managed system, one can verify installed file contents
using md5 hashes
carried in packages by doing
rpm -Va
The md5 hashes, if located in digitally signed package headers, are
quite trustworthy.
If the headers are not signed, then the other alternative is to get a
readonly
copy of the installed packages, and then (for each package) do
rpm -Vp somepkg*.rpm
which is equally trustworthy.
73 de Jeff
More information about the Smart
mailing list