我有一个已被篡改的安装,我想知道究竟发生了什么变化。
我可以跑
rpm -V MY_PACKAGES 这给了我一个修改文件的列表。 现在我正在寻找一种方便的方法来查看差异(假设所有文件都有文本内容)与原始的rpms(我已经可用)。
考虑到我正在处理大约20个软件包和200个更改的文件,最简单的方法是什么? 有没有像“rpm diff”?
# # Install yumdownloader # yum install yum-utils # # search modified files (in this case: from pam_ldap) # rpm -V pam_ldap S.5....T. c /etc/pam_ldap.conf # # make tmp-dir and download rpm # mkdir Temp cd Temp yumdownloader pam_ldap # # extract rpm to current folder # rpm2cpio pam_ldap-185-11.el6.x86_64.rpm | cpio -idmv # # check diff # diff etc/pam_ldap.conf /etc/pam_ldap.conf rpm -V explained: c %config configuration file. d %doc documentation file. g %ghost file (ie the file contents are not included in the package payload). l %license license file. r %readme readme file. S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mismatch L readLink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs