tripwire
alan
alan at clueserver.org
Thu May 20 18:21:54 UTC 2004
On Thu, 20 May 2004, billg wrote:
> On Thu, 20 May 2004 11:07:42 -0700, "Jonathan Gardner"
> <jgardner at jonathangardner.net> said:
> > On Wednesday 19 May 2004 03:00 pm, Michael Yep wrote:
> > > Does anyone know why tripwire is not included in fedora? Is there
> > > something better?
> >
> > rpm -V
>
>
> Can rpm be used to verify an entire filesystem with one command,
> including anything not controlled or installed by rpm?  rpm -V seems
> to want a package name.

"rpm -Va" will check everything installed by rpm. It will not check
things not installed by rpm.

It is a useful test, but it does have some problems.

1) You will get false positives on config files modified since
installation.

2) If you have been rooted, the rootkit can modify the rpm database to
match the rootkit versions. (I have seen at least one case where this has
happened. I have also seen a case where they hopelessly bjorked the rpm
database trying to do this.)

It is a good test if you installed something from a "make install" that
you later feared that it overlaid something from an rpm package.

Now what really needs to happen is the ability of using an rpm database
and a pile of rpms to bring a system back into a more or less clean
state. (For example, if a person just happened to delete /bin as
superuser. (Which I have had to repair at least once on newbie users'
machines.))

Using the rpm database to say "fix this system" would be a useful feature.
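
One way to triage "rpm -Va" output so the config-file noise from point 1 is kept apart from changed or missing binaries, as an added example that is not part of the original message. It assumes the usual verify line layout (flag string or "missing", optional attribute marker such as "c", then the path); the sample lines and the `triage` helper are constructed for illustration.

```python
import re
import sys

# Constructed sample of `rpm -Va` output (not taken from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /bin/ls
missing      /usr/bin/passwd
.M.......    /var/log/example
.......T.  d /usr/share/doc/example/README
missing    c /etc/example.conf
"""

# Flag string (8 or 9 characters) or "missing", an optional attribute
# marker (c = config file), then the absolute path.
LINE = re.compile(r"^(missing|[A-Z0-9.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

def triage(text):
    """Sort verify lines into buckets so config noise does not hide the rest."""
    buckets = {"content": [], "missing": [], "config": [], "other": [], "unparsed": []}
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            buckets["unparsed"].append(line)  # never drop what we cannot read
            continue
        flags, marker, path = m.groups()
        if flags == "missing":
            buckets["missing"].append(path)   # deleted files, config or not
        elif marker == "c":
            buckets["config"].append(path)    # expected noise: edited configs
        elif "S" in flags or "5" in flags:
            buckets["content"].append(path)   # size or digest differs
        else:
            buckets["other"].append(path)     # metadata only (mode, owner, mtime, ...)
    return buckets

if __name__ == "__main__":
    # Usage: rpm -Va | python3 triage.py   (falls back to the sample on a tty)
    # Per point 2, the result is only as trustworthy as the rpm database used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, items in triage(data).items():
        for item in items:
            print(f"{name:9} {item}")
```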