RPM (the Red Hat Package manager) is the most widely-used package manager on Linux systems. Other package formats exist on various Linux systems, such as the Debian (.deb) package format, but the majority of distributions use the RPM package format. As with any other format, it has unique strengths and weaknesses. One of RPM's strengths is the variety of options it provides to verify file information, reset file information, and so on. All of this information is stored in the RPM database which keeps track of information such as file sizes, md5sums of files, ownership, permissions, and more.
To obtain a list of all the installed RPM packages on your system, use:
# rpm -qa | sort
To list the permissions and ownership of files in a package, use:
# rpm -qlv openssh
drwxr-xr-x 2 root root 0 Dec 29 2006 /etc/ssh
-rwxr-xr-x 1 root root 49488 Dec 29 2006 /usr/bin/scp
To simply list the filenames, omit the -v option. To verify that the permissions and ownership of the files that were installed are similar, use the -V option:
# rpm -V sudo
S.5....T c /etc/sudoers
Here you can see that the file, /etc/sudoers, has changed in size, the md5sum has changed, and the modification time has changed (indicated by S.5....T). However, the c indicator means that this file is a configuration file, so changes are to be expected.
In fact, you can use RPM as a poor-man's tripwire by using:
# for rpm in $(rpm -qa); do rpm -V $rpm; done
This will indicate what files have changed from what the package originally provided.
If you wanted to know what configuration files a RPM package provided, use:
# rpm -q --configfiles sudo
The RPM program also provides two very useful switches that can be used to restore ownership and permissions to files that it is aware of. For instance, if you were to accidentally execute something along the lines of chown -R user:user /, your system would break very quickly. However, the damage can be mitigated somewhat by restoring ownership and permissions of files that came in RPM packages by using:
# rpm -qa | xargs rpm --setperms --setugids
As you can see, there are definitely some interesting things that can be done with RPM. The database stores a fair amount of information that can be used to query and restore permissions and ownership of files that were provided in RPM packages.
Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.