+-----------------------------------+
+ cern-rpmverify +
+-----------------------------------+
Product name: cern-rpmverify
Date: Apr 5 2012
Version: 3.2
Vendor: CERN
Author: Panos Sakkos while at Computer Security Team
CST Email: [email protected]
Author Email: <[email protected]>
License: GPLv3
+-------+
|License|
+-------+
Copyright 2012 CERN. This software is distributed under the terms of the GNU General Public
Licence version 3 (GPL Version 3), copied verbatim in the file COPYING. In applying this licence,
CERN does not waive the privileges and immunities granted to it by virtue of its status as an
Intergovernmental Organization or submit itself to any jurisdiction.
+-----------+
|Description|
+-----------+
cern-rpmverify is designed to detect changes in the files that are installed by rpm packages.
It logs the changed files, together with the rpm packages they belong to, to the local syslog facility.
Configuration files are ignored, because they are expected to change. You need root privileges to execute
cern-rpmverify; otherwise all the files that need root privileges will be ignored.
*IMPORTANT*
If you want to run a stricter rpm verification, execute 'rpm -V --all'. This command reports
not only changed files, but also changes in permissions etc.
+--------------------------+
|Format of the log messages|
+--------------------------+
Feb 9 14:50:23 localhost python: cern-rpmverify: started
Feb 9 15:04:02 localhost python: cern-rpmverify: File /usr/bin/catchsegv from package glibc-common-2.12-1.47.el6 has been modified
Feb 9 15:04:04 localhost python: cern-rpmverify: File /usr/bin/consolehelper from package usermode-1.102-3.el6 has been modified
Feb 9 14:55:15 localhost python: cern-rpmverify: finished
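One way to consume this log format for alerting, as an added example that is not part of cern-rpmverify: it groups modified files by host and package and flags hosts where a run started but never logged "finished". The regexes are derived only from the sample lines above; the host node2 and its lines are constructed.

```python
import re
from collections import defaultdict

# Syslog prefix is matched loosely (timestamp, host, program tag vary by site).
LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s\S+:\s"
                     r"cern-rpmverify:\s(?P<msg>.*)$")
MODIFIED_RE = re.compile(
    r"^File (?P<path>.+) from package (?P<pkg>\S+) has been modified$")

# The localhost lines are the README's sample; the node2 lines are constructed.
SAMPLE = [
    "Feb 9 14:50:23 localhost python: cern-rpmverify: started",
    "Feb 9 15:04:02 localhost python: cern-rpmverify: File /usr/bin/catchsegv "
    "from package glibc-common-2.12-1.47.el6 has been modified",
    "Feb 9 15:04:04 localhost python: cern-rpmverify: File /usr/bin/consolehelper "
    "from package usermode-1.102-3.el6 has been modified",
    "Feb 9 14:55:15 localhost python: cern-rpmverify: finished",
    "Feb 9 16:00:00 node2 python: cern-rpmverify: started",
    "Feb 9 16:00:01 node2 sshd[411]: unrelated message",
]

def summarize(lines):
    """Return {host: {"started": n, "finished": n, "modified": {pkg: [paths]}}}."""
    report = defaultdict(lambda: {"started": 0, "finished": 0,
                                  "modified": defaultdict(list)})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a cern-rpmverify message
        host, msg = report[m.group("host")], m.group("msg")
        if msg in ("started", "finished"):
            host[msg] += 1
            continue
        f = MODIFIED_RE.match(msg)
        if f:
            host["modified"][f.group("pkg")].append(f.group("path"))
    return report

def incomplete_hosts(report):
    """Hosts with more 'started' than 'finished' messages (run cut short)."""
    return sorted(h for h, r in report.items() if r["started"] > r["finished"])

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for host, data in rep.items():
        for pkg, paths in data["modified"].items():
            print(host, pkg, ", ".join(paths))
    print("incomplete runs:", incomplete_hosts(rep))
```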
+------------------------------+
|Before reading the source code|
+------------------------------+
You need to know how rpm works and what information you can fetch from the rpm database.
Familiarity with Python would be useful.
The code has been tested against rpm 4.8.0 and 4.4.2.3.
+----------+
|References|
+----------+
Python API:
http://rpm5.org/docs/api/group__python.html