Softpanorama
May the source be with you, but remember the KISS principle ;-)
One nice feature of the RPM system is the -V (verify) option, which gives you a handy list of the files that differ between the package database records and their actual nodes in the filesystem. Thus you can see size, MD5 checksum, and especially ownership and permission differences which might be causing problems. Naturally it will also warn you of any missing files.
If you suspect that your system is compromised, you can use the command:
root# rpm -Va
to verify each file on the system. See the RPM man page, as there are a few other options that can be included to make it less verbose. Keep in mind you must also be sure your RPM binary has not been compromised. RPM can also be combined with PGP to check a package's signature. Typical output might look like the following:
..5....T /bin/login
should sound alarm bells. RPM produces the following useful output fields:
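An added example, not part of the original page: a small Python parser that triages `rpm -Va` output using the flag letters documented in the rpm man page. The triage policy (which changes count as serious, and that digest changes on `%config` files are expected) and all sample lines other than `/bin/login` are assumptions made for illustration.

```python
import re

# Flag letters and their meaning, per the rpm man page (verify options).
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
# Older rpm prints 8 flag characters, current rpm 9; an optional marker
# (c config, d doc, g ghost, l license, r readme) may precede the path.
CHANGED = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
MISSING = re.compile(r"^missing\s+(?:([cdglr])\s+)?(/.*)$")
# Assumed triage policy for this example: these changes warrant investigation.
SERIOUS = {"digest", "mode", "user", "group", "capabilities", "missing"}

def parse_line(line):
    """Return a finding dict for one line of verify output, or None."""
    line = line.rstrip("\r\n")
    m = MISSING.match(line)
    if m:
        return {"path": m.group(2), "kind": m.group(1),
                "changed": ["missing"], "unverified": False}
    m = CHANGED.match(line)
    if not m:
        return None  # not a per-file result, e.g. a dependency message
    flags, kind, path = m.groups()
    return {"path": path, "kind": kind,
            "changed": [FLAGS[c] for c in flags if c in FLAGS],
            "unverified": "?" in flags}  # "?" = test could not be performed

def triage(lines):
    """Split findings into (high, low) lists of (path, reasons)."""
    high, low = [], []
    for finding in filter(None, map(parse_line, lines)):
        reasons = SERIOUS & set(finding["changed"])
        if finding["kind"] == "c":
            reasons -= {"digest"}  # assumed: edited config files are expected
        bucket = high if reasons else low
        bucket.append((finding["path"], sorted(reasons) or finding["changed"]))
    return high, low

# Constructed sample output; the first line is the one quoted on this page.
SAMPLE = """\
..5....T /bin/login
S.5....T.  c /etc/ssh/sshd_config
.M...UG..    /usr/bin/passwd
missing     /usr/sbin/sshd
.......T.  d /usr/share/doc/bash/README
"""

if __name__ == "__main__":
    high, low = triage(SAMPLE.splitlines())
    for path, reasons in high:
        print("HIGH", path, ",".join(reasons))
    for path, reasons in low:
        print("low ", path, ",".join(reasons))
```

Feed it real output with `triage(open("verify.txt"))`, where `verify.txt` is a hypothetical file holding saved `rpm -Va` output.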
This means that every time a new RPM is added to the system, the RPM database is updated. Weekly snapshots are adequate, but if the server is critical you have to weigh the advantages against the drawbacks of more frequent snapshots. Also, keep in mind that RPM won't verify programs that it did not install (files that do not belong to any installed package).
Specifically, the files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm most will fit on a single CD. Compressed, each should fit on a separate floppy. Consider storing and regularly updating this information (with the actual /bin/rpm executable).
The stated early (10 November 2002) roadmap for that new rpm-4.2 release is to include:
a) file classes (think: sanitized file (1) output in dictionary, per-file index).
b) file color bits (think: 1=elf32, 2=elf64).
c) attaching dependencies to files, so that a refcount is computable.
d) replacing find-{provides,requires} with internal elfutils/file-3.39.
e) install policy based on file color bits
f) --excludeconfig like --excludedocs with the added twist that an internal Provides: will be turned off, exposing a Requires:. This will provide a means to install all %config files from a separate package if/when necessary.
and teaching tripwire to read file MD5's from an rpm database.
rpm-4.2 will be the next release of rpm.
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Created: May 16, 1997; Last modified: August 15, 2009