RPM security checks on CentOS

Run the following command to check what has changed since the rpm packages were installed:


# rpm -Va
S.5....T.  c /etc/watchdog.conf
S.5....T.  c /etc/xinetd.d/tftp
S.5....T.  c /etc/rc.d/rc.local
S.5....T.  c /etc/sysctl.conf
S.5....T.  c /etc/bashrc
S.5....T.  c /etc/dhcp/dhcpd.conf
....L....  c /etc/pam.d/fingerprint-auth
....L....  c /etc/pam.d/password-auth
....L....  c /etc/pam.d/smartcard-auth
....L....  c /etc/pam.d/system-auth
S.5....T.  c /etc/security/limits.conf
S.5....T.  c /etc/postfix/main.cf
S.5....T.  c /etc/ssh/sshd_config
S.5....T.  c /etc/nanorc
S.5....T.  c /etc/httpd/conf/httpd.conf


The codes mean:

S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ


Take /etc/watchdog.conf as an example:

S.5....T. c /etc/watchdog.conf


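The first letter, S, means the file size changed.

The second, the digit 5, means the file's MD5 digest changed.

The third letter, T, means the mtime changed.

The fourth letter, c, is short for change.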


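This shows that the file was edited after the watchdog package was installed. Because it is a configuration file that was modified, this can basically be regarded as normal; if a binary file had been modified, it would deserve attention.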
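
One way to automate the triage described above, as an added example that is not part of the original post: it parses rpm -Va output, sets aside entries carrying the c marker as configuration files, and lists every other changed file with the reasons from the legend. The /usr/sbin/sshd and /usr/bin/sudo sample lines are constructed, and reading the c marker as "configuration file" is an assumption of this example, taken from rpm(8).

```python
import re
import sys

# Flag letters from the legend above, mapped to short reason names.
NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device",
         "L": "symlink target", "U": "user", "G": "group",
         "T": "mtime", "P": "capabilities"}
# 9-character result string (or "missing"), optional attribute marker, path.
LINE = re.compile(
    r"^(?P<res>[SM5DLUGTP.?]{9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

# Constructed sample: three lines from the listing above plus two invented
# non-config entries showing what a result worth reviewing looks like.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
....L....  c /etc/pam.d/system-auth
S.5....T.  c /etc/sysctl.conf
S.5....T.    /usr/sbin/sshd
.M...UG..    /usr/bin/sudo
"""

def parse(line):
    """Return (reasons, attr, path), or None if the line is not verify output."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    res = m["res"]
    reasons = ["missing"] if res == "missing" else [NAMES[c] for c in res if c in NAMES]
    return reasons, m["attr"], m["path"]

def triage(text):
    """Split verify output into config-file edits and files to review."""
    config_edits, review = [], []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        reasons, attr, path = rec
        if attr == "c":          # assumption: c marks a packaged config file
            config_edits.append(path)
        else:                    # binaries, libraries, docs: look closer
            review.append((path, reasons))
    return config_edits, review

if __name__ == "__main__":
    # Use piped input (rpm -Va | python3 this_file.py); otherwise the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    config_edits, review = triage(text)
    print(f"{len(config_edits)} modified config files")
    for path, reasons in review:
        print(f"REVIEW {path}: {', '.join(reasons)}")
```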
