RedHat Package Manager (all well known rpm) can check integrity of installed components. It can indicate if there were any of installed files modified, or did somebody change a permission?
To run a basic and comprehensive install integrity check, you simply execute (preferably as root):
rpm -V rpm_name_to_check
or
rpm --verify rpm_name_to_check
If there are no issues, you'll get empty output and return code 0. That is:
$ rpm -V libusb
$ echo $?
0
For a modified deployed file you may see something like this:
$ rpm -V httpd
..?...... /usr/sbin/suexec
.....UG.. /var/www
.....UG.. /var/www/cgi-bin
.M...UG.. /var/www/html
In the case of a modified install the return code will be 1:
$ echo $?
1
httpd install test above translates as:
/var/www, /var/www/cgi-bin got their User ownership and Group memberships modified. And /var/www/html got Mode (chmod) changed in addition to the User and the Group.
The question mark in rpm -V output means a certain test could not have been performed. In our example above "..?...... /usr/sbin/suexec" means md5 sum can't be calculated for /usr/sbin/suexec.
That is often because rpm can not access a file being verified under current user account. To avoid "can't verify" question mark in the rpm -V output, just execute rpm as root:
$ sudo rpm -V httpd
.....UG.. /var/www
.....UG.. /var/www/cgi-bin
.M...UG.. /var/www/html
See that "..?...... /usr/sbin/suexec" gone? :-)
By default rpm performs a bunch of tests, each denoted by dot in the case of rpm metadata and installed item match, or "what's wrong" attribute otherwise:
- S - file Size differs
- M - Mode differs (includes permissions and file type)
- 5 - MD5 sum differs
- D - Device major/minor number mismatch
- L - readLink path mismatch
- U - User ownership differs
- G - Group ownership differs
- T - mTime differs
- P - caPabilities differ
The output can also have an attribute marker:
c %config configuration file.
d %doc documentation file.
g %ghost file (i.e. the file contents are not included in the package payload).
l %license license file.
r %readme readme file.
That is it from me, read
man rpm for more info.