运行下面的命令可以检查rpm包安装后发生了什么改变
# rpm -Va S.5....T. c /etc/watchdog.conf S.5....T. c /etc/xinetd.d/tftp S.5....T. c /etc/rc.d/rc.local S.5....T. c /etc/sysctl.conf S.5....T. c /etc/bashrc S.5....T. c /etc/dhcp/dhcpd.conf ....L.... c /etc/pam.d/fingerprint-auth ....L.... c /etc/pam.d/password-auth ....L.... c /etc/pam.d/smartcard-auth ....L.... c /etc/pam.d/system-auth S.5....T. c /etc/security/limits.conf S.5....T. c /etc/postfix/main.cf S.5....T. c /etc/ssh/sshd_config S.5....T. c /etc/nanorc S.5....T. c /etc/httpd/conf/httpd.conf
代码的意思是
S file Size differs M Mode differs (includes permissions and file type) 5 digest (formerly MD5 sum) differs D Device major/minor number mismatch L readLink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs P caPabilities differ
以 /etc/watchdog.conf为例
S.5....T. c
/etc/watchdog
.conf
第一个字母S,是文件size发生了变化
第二个是数字5,是文件的md5值发生了变化
第三个字母T,是mtime发生了变化
第四个字母c,是change的缩写。
可以看出,这个文件在watchdog软件包安装后,发生了编辑行为。由于是配置文件发生修改,基本可以视作正常的,如果是二进制文件被修改,就值得注意了。