A number of programs exist that perform file
system validation. For instance, both the Tripwire and AIDE
programs perform comprehensive checks on your system to determine
if someone has changed, added, or removed files. Both programs use
sophisticated means of determining a file’s “identity,” including
inode data, md5sums, and other hashes.
However, every RPM-based system already
features a basic file system integrity checker: the rpm tool itself. Of course,
that’s not to say that more advanced integrity checkers aren’t
necessary, particularly when it comes to servers and other critical
machines. But on a basic machine where you want to perform a quick
validation of the file system, rpm can suffice nicely.
Here’s an example:
# rpm -Va
This verifies every file installed as an rpm
package on your system. The rpm database keeps information on each
file it installs, so it knows if something has changed.
When you run this command, it returns a listing of
files with codes in front of them that looks something like
this:
S.5....T c /etc/sudoers
missing /boot/kernel.h-2.4.18
This obviously tells us that the kernel header
file (kernel.h-2.4.18) is missing, and it shows that the sudoers
file has changed.
The column of codes uses the letters SM5DLUGT;
if a letter shows up, it means that the corresponding attribute of
the file has changed. Those letters represent Size, Mode, MD5 checksum, Device
major and minor numbers, Symlink destination, Owner, Group, and
modification Time, respectively. In our example, we can see that
the sudoers file has changed size, md5sum value, and modification
time since installation.
In addition, note the letter c after the status column;
this marks the file as a configuration file. So in this case, you
can assume that the reason for the change is that you configured
sudoers.
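The status column described above can be decoded mechanically. The following is an added example, not part of the original article or of rpm itself: it parses the eight-character SM5DLUGT format as the article describes it and lists changed configuration files apart from everything else. The function names, the sorting policy, and the /usr/bin/example-tool line are assumptions made for illustration.

```python
import re

# Letter -> attribute, as the article lists them for the SM5DLUGT column.
FLAGS = {
    "S": "size", "M": "mode", "5": "MD5 checksum", "D": "device numbers",
    "L": "symlink destination", "U": "owner", "G": "group",
    "T": "modification time",
}

# "<8 status characters or 'missing'> [one-letter file marker] <absolute path>"
LINE = re.compile(
    r"^(?P<status>missing|[A-Z0-9.]{8})\s+(?:(?P<marker>[a-z])\s+)?(?P<path>/.*)$"
)

# Constructed sample: the first two lines are the article's, the third is made up.
SAMPLE = """\
S.5....T c /etc/sudoers
missing    /boot/kernel.h-2.4.18
S.5....T   /usr/bin/example-tool
"""

def parse_line(line):
    """Decode one line of `rpm -Va` output; return None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    status = m.group("status")
    missing = status == "missing"
    changed = [] if missing else [FLAGS[c] for c in status if c in FLAGS]
    return {"path": m.group("path"), "missing": missing,
            "changed": changed, "config": m.group("marker") == "c"}

def triage(output):
    """Assumed policy: changed config files are listed apart from everything else."""
    config_changes, needs_review = [], []
    for line in output.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["config"] and not rec["missing"]:
            config_changes.append(rec)
        else:
            needs_review.append(rec)
    return config_changes, needs_review

if __name__ == "__main__":
    for label, recs in zip(("config", "review"), triage(SAMPLE)):
        for r in recs:
            print(label, r["path"], "missing" if r["missing"] else ", ".join(r["changed"]))
```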