On Thu, 20 May 2004, billg wrote:

> On Thu, 20 May 2004 11:07:42 -0700, "Jonathan Gardner"
> <jgardner@xxxxxxxxxxxxxxxxxxx> said:
> > On Wednesday 19 May 2004 03:00 pm, Michael Yep wrote:
> > > Does anyone know why tripwire is not included in fedora? Is there
> > > something better?
> >
> > rpm -V
>
> Can rpm be used to verify an entire filesystem with one command,
> including anything not controlled or installed by rpm? rpm -V seems
> to want a package name.

"rpm -Va" will check everything installed by rpm. It will not check
things not installed by rpm.

It is a useful test, but it does have some problems.

1) You will get false positives on config files modified since
   installation.

2) If you have been rooted, the rootkit can modify the rpm database to
   match the rootkit versions. (I have seen at least one case where this
   has happened. I have also seen a case where they hopelessly bjorked
   the rpm database trying to do this.)

It is a good test if you installed something from a "make install" that
you later feared that it overlaid something from an rpm package.

Now what really needs to happen is the ability of using an rpm database
and a pile of rpms to bring a system back into a more or less clean
state. (For example, if a person just happened to delete /bin as
superuser. (Which I have had to repair at least once on newbie users'
machines.)) Using the rpm database to say "fix this system" would be a
useful feature.
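
An added example, not part of the original message: a small filter for `rpm -Va` output that sets changed config files (point 1 above) apart from changed or missing non-config files. The function names and the sample report are constructed for illustration.

```shell
#!/usr/bin/env bash
# Triage `rpm -Va` output read from stdin.
# Each line is "<flags> [c|d|g|l|r] <path>" or "missing [c] <path>".
# <flags> is 8 characters on older rpm and 9 on newer; a '5' in it means
# the file digest differs from the one recorded in the rpm database.

triage_rpm_verify() {
  awk '
    {
      flags = $1
      # The attribute marker (c = config file) is an optional one-letter field.
      if (NF >= 3 && $2 ~ /^[cdglr]$/) { attr = $2; first = 3 }
      else                             { attr = "";  first = 2 }
      path = $first
      for (i = first + 1; i <= NF; i++) path = path " " $i

      if (flags == "missing") kind = "MISSING"
      else if (flags ~ /5/)   kind = "CONTENT"    # file contents changed
      else                    kind = "METADATA"   # mode, owner, mtime only

      # Edited config files are the common false positive: list them apart.
      if (attr == "c" && kind != "MISSING") print "CONFIG-CHANGED " path
      else                                  print kind " " path
    }'
}

# Constructed sample report (not captured from a real system).
sample_rpm_va() {
  cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.M.......    /usr/bin/passwd
missing      /bin/ps
.......T.  d /usr/share/doc/foo/README
EOF
}

# Real use: rpm -Va | triage_rpm_verify
sample_rpm_va | triage_rpm_verify
```

The filter relies on the same rpm database that point 2 says can be altered; `rpm -Vp <package file>` verifies installed files against a package file instead of the database.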