backup - use rpm -V against backed-up database -


rpm(1) provides -v option verify installed files against installation database, can used detect modified or missing files. might used form of intrusion detection (or @ least part of audit). however, of course possible rpm database installed may modified hacker hide tracks (see http://www.sans.org/security-resources/idfaq/rpm.php, last sentence)

it looks should possible rpm database /var/lib/rpm after every install (to external medium) , use during audit using --dbpath. such backup have updated fo course after every install or upgrade etc.

is feasible? there resources detail methods, pitfalls, suggestions etc this?

yes feasible. use "rpm -va --dbpath /some/where/else" point saved database directory.

copy /var/lib/rpm/packages saved /some/where/else directory, , run "rpm --rebuilddb --dbpath /some/where/else" regenerate indices.

note can verify files using original packaging "rpm -vp some*.rpm" less hassle (and more secure ro offline media storing packages) saving copies of installed /var/lib/rpm/packages rpmdb.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -