Run the following command to check what has changed since the RPM packages were installed:
```
# rpm -Va
S.5....T.  c /etc/watchdog.conf
S.5....T.  c /etc/xinetd.d/tftp
S.5....T.  c /etc/rc.d/rc.local
S.5....T.  c /etc/sysctl.conf
S.5....T.  c /etc/bashrc
S.5....T.  c /etc/dhcp/dhcpd.conf
....L....  c /etc/pam.d/fingerprint-auth
....L....  c /etc/pam.d/password-auth
....L....  c /etc/pam.d/smartcard-auth
....L....  c /etc/pam.d/system-auth
S.5....T.  c /etc/security/limits.conf
S.5....T.  c /etc/postfix/main.cf
S.5....T.  c /etc/ssh/sshd_config
S.5....T.  c /etc/nanorc
S.5....T.  c /etc/httpd/conf/httpd.conf
```
The flag characters mean:
```
S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
```
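Take /etc/watchdog.conf as an example:

```
S.5....T.  c /etc/watchdog.conf
```

The first character, the letter S, means the file size has changed.
The second, the digit 5, means the file's MD5 digest has changed.
The third, the letter T, means the mtime has changed.
The fourth, the letter c, is short for change.

This shows that the file was edited after the watchdog package was installed. Because it is a configuration file that was modified, this can generally be treated as normal; if a binary file had been modified, it would deserve attention.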
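The rule of thumb above (an edited configuration file is usually fine, a changed binary is not) can be applied mechanically to `rpm -Va` output. The shell function below is an added example, not part of the original post; it goes slightly beyond the text by also flagging missing files and configuration files whose mode or ownership changed. The `example` paths and the INFO/REVIEW/ALERT levels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage `rpm -Va` output.
# On a real host: rpm -Va | triage_rpm_verify

triage_rpm_verify() {
    awk '
    NF >= 2 {
        flags = $1
        # Optional attribute marker after the flags; rpm documents "c" as a
        # %config file (others: d doc, g ghost, l license, r readme).
        marker = ($2 ~ /^[cdglr]$/) ? $2 : ""
        path = $0
        sub(/^[^ ]+ +/, "", path)                      # drop the flags column
        if (marker != "") sub(/^[cdglr] +/, "", path)  # drop the marker column

        if (flags == "missing") {
            level = "ALERT"            # a packaged file is gone
        } else if (marker == "c") {
            # Edited config files are expected; changed mode/owner is not.
            level = (flags ~ /[MUGP]/) ? "REVIEW" : "INFO"
        } else if (flags ~ /5/) {
            level = "ALERT"            # content of a non-config file changed
        } else {
            level = "REVIEW"
        }
        printf "%s %s %s\n", level, flags, path
    }'
}

# Constructed sample: the first two lines come from the output in the post,
# the remaining four use hypothetical paths to cover the other cases.
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/watchdog.conf
....L....  c /etc/pam.d/system-auth
.M.......  c /etc/example.conf
S.5....T.    /usr/bin/example-tool
.......T.    /usr/share/example/data file.txt
missing      /usr/sbin/example-daemon
EOF
}

sample_rpm_va | triage_rpm_verify
```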
This article is reposted from 紫色葡萄's 51CTO blog. Original link: http://blog.51cto.com/purplegrape/1310107. To republish it, please contact the original author.