I run a few Linux PCs at home and at work. Most of them use packages in RPM format (Fedora, RHEL and CentOS). Sometimes I want to know which configuration files have I modified. That is really important when you’re upgrading to a new OS version and want to keep your custom settings.
What I used to do was to keep a copy of all the relevant files as they were in the previous version and then modify the new installation accordingly. This solution was working for me but I was never sure whether the new configuration was exactly the same and if I hadn’t missed any settings in one of the configuration files.
A few days ago I found a better way to monitor the configuration files for changes. As long as you install all the software as RPMs (which makes sense anyway since it’s easier to deploy the same package on multiple machines or deal with reinstallation) you can use the rpm verification capability which is built into the rpm command.
The way this works is quite simple. For example, I want to know if I changed my firewall settings. Since the firewall I’m using is installed as part of the iptables RPM I need to execute (as root):
# rpm -V iptables
which produces the following output:
SM5....T c /etc/sysconfig/iptables-config
This means that since the RPM was installed the file /etc/sysconfig/iptables-config has changed. Specifically the output indicates that the following has changed:
- size of the file (S),
- permissions (M),
- MD5 checksum (5),
- modification time (T).
The properties which did not change are:
- device major/minor numbers (1st dot), if it did change we would see D
- path to which a symbolic link points to (2nd dot), if it did change we would see L
- user ownership (3rd dot), if it did change we would see U
- group ownership (4th dot), if it did change we would see G
Now I know that only this file from iptables RPM was modified.
If I want to look for all the changes in /etc folder I would execute:
# rpm -Va | grep "\/etc\/"
which produces quite a long output so I won’t list it here. Instead of writing “rpm -V” one can also use “rpmverify”.
RPM verification has a few more uses than just checking for changes you did to your own system. It can also be used to monitor your system for unauthorized changes.
This post was written based on information I have found on Novell website, rpm.org and man page for rpm command.