Run the following command to check what has changed since the rpm packages were installed:
# rpm -Va
S.5....T. c /etc/watchdog.conf
S.5....T. c /etc/xinetd.d/tftp
S.5....T. c /etc/rc.d/rc.local
S.5....T. c /etc/sysctl.conf
S.5....T. c /etc/bashrc
S.5....T. c /etc/dhcp/dhcpd.conf
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
S.5....T. c /etc/security/limits.conf
S.5....T. c /etc/postfix/main.cf
S.5....T. c /etc/ssh/sshd_config
S.5....T. c /etc/nanorc
S.5....T. c /etc/httpd/conf/httpd.conf
The codes mean:
S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
Take /etc/watchdog.conf as an example:
S.5....T. c /etc/watchdog.conf
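The first character, S, means the file size has changed.
The second, the digit 5, means the file's MD5 value has changed.
The third, the letter T, means the mtime has changed.
The fourth, the letter c, is short for change.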
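As you can see, this file was edited after the watchdog package was installed. Because it is a configuration file that was modified, this can basically be considered normal; if a binary file had been modified, it would deserve attention.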
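The triage described above, as an added example that is not part of the original post: it decodes each line with the legend and marks for review only files that lack the c marker carried by every configuration file in the listing. The sample lines under /usr and the set of flags treated as review-worthy are assumptions made for this example.

```python
import re

# Legend from the page, in the column order rpm prints the nine flags.
LEGEND = [
    ("S", "file Size differs"),
    ("M", "Mode differs (includes permissions and file type)"),
    ("5", "digest (formerly MD5 sum) differs"),
    ("D", "Device major/minor number mismatch"),
    ("L", "readLink(2) path mismatch"),
    ("U", "User ownership differs"),
    ("G", "Group ownership differs"),
    ("T", "mTime differs"),
    ("P", "caPabilities differ"),
]
# Nine flag columns ("." = test passed, "?" = test could not be performed)
# or the word "missing", then an optional one-letter marker, then the path.
LINE = re.compile(r"^([SM5DLUGTP.?]{9}|missing)\s+(?:([a-z])\s+)?(/.*)$")
# Assumption: the failed tests worth a look on a file without the "c" marker.
REVIEW = set("5MUG")

def parse(line):
    """Decode one line of `rpm -Va` output; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flags, marker, path = m.groups()
    if flags == "missing":
        failed, changes = set(), ["file is missing"]
    else:
        failed = {ch for (ch, _), got in zip(LEGEND, flags) if got == ch}
        changes = [text for ch, text in LEGEND if ch in failed]
    return {"path": path, "marker": marker, "failed": failed, "changes": changes}

def needs_review(rec):
    """True for files without the c marker that are missing or fail a REVIEW test."""
    if rec["marker"] == "c":
        return False
    return rec["changes"] == ["file is missing"] or bool(rec["failed"] & REVIEW)

# First three lines are from the listing above; the last three are constructed.
SAMPLE = """\
S.5....T. c /etc/watchdog.conf
....L.... c /etc/pam.d/system-auth
S.5....T. c /etc/ssh/sshd_config
S.5....T.   /usr/sbin/sshd
.......T.   /usr/share/doc/example/README
missing     /usr/bin/example
"""

if __name__ == "__main__":
    for rec in filter(None, map(parse, SAMPLE.splitlines())):
        tag = "REVIEW" if needs_review(rec) else "ok    "
        print(tag, rec["path"], "-", "; ".join(rec["changes"]))
```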
This article is reposted from the 51CTO blog of 紫色葡萄; original link: http://blog.51cto.com/purplegrape/1310107. To repost it, please contact the original author yourself.