Welcome, Guest! Registration


Friday, 2019-02-22
Main » 2015 » April » 3 » Meaning of rpm --verify output
1:37 PM
Meaning of rpm --verify output

RedHat Package Manager (all well known rpm) can check integrity of installed components. It can indicate if there were any of installed files modified, or did somebody change a permission?

To run a basic and comprehensive install integrity check, you simply execute (preferably as root):

rpm -V rpm_name_to_check
rpm --verify rpm_name_to_check

If there are no issues, you'll get empty output and return code 0. That is:

$ rpm -V libusb
$ echo $?

For a modified deployed file you may see something like this:

$ rpm -V httpd
..?...... /usr/sbin/suexec
.....UG.. /var/www
.....UG.. /var/www/cgi-bin
.M...UG.. /var/www/html

In the case of a modified install the return code will be 1:

$ echo $? 1

httpd install test above translates as:

/var/www, /var/www/cgi-bin got their User ownership and Group memberships modified. And /var/www/html got Mode (chmod) changed in addition to the User and the Group.

The question mark in rpm -V output means a certain test could not have been performed. In our example above "..?...... /usr/sbin/suexec" means md5 sum can't be calculated for /usr/sbin/suexec.

That is often because rpm can not access a file being verified under current user account. To avoid "can't verify" question mark in the rpm -V output, just execute rpm as root:

$ sudo rpm -V httpd
.....UG.. /var/www
.....UG.. /var/www/cgi-bin
.M...UG.. /var/www/html

See that "..?...... /usr/sbin/suexec" gone? :-)

By default rpm performs a bunch of tests, each denoted by dot in the case of rpm metadata and installed item match, or "what's wrong" attribute otherwise:

  1. S - file Size differs
  2. M - Mode differs (includes permissions and file type)
  3. 5 - MD5 sum differs
  4. D - Device major/minor number mismatch
  5. L - readLink path mismatch
  6. U - User ownership differs
  7. G - Group ownership differs
  8. T - mTime differs
  9. P - caPabilities differ

The output can also have an attribute marker:

c %config configuration file.
d %doc documentation file.
g %ghost file (i.e. the file contents are not included in the package payload).
l %license license file.
r %readme readme file.
That is it from me, read man rpm for more info.
Views: 2411 | Added by: ep | Tags: install, RedHat, rpm, integrity | Rating: 0.0/0
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]