-Va:验证所有软件包; [root@DB ~]# rpmverify -Va ....L.... c /etc/pam.d/fingerprint-auth ....L.... c /etc/pam.d/password-auth ....L.... c /etc/pam.d/smartcard-auth ....L.... c /etc/pam.d/system-auth .......T. c /etc/inittab 只有校验失败时,才会输出内容: S= 大小改变 M= 权限改变 5=MD5改变,说明文件内容被改了 : md5sum L= 连接改变 D= 设备改变 U=用户改变 G= 组改变 T=修改时间改变
查看服务器中有:
# rpmverify -Va S.5....T. c /etc/salt/minion Unsatisfied dependencies for php-5.3.3-49.el6.x86_64: php-cli(x86-64) = 5.3.3-49.el6 is needed by php-5.3.3-49.el6.x86_64 S.5....T. c /root/.bash_profile ..5....T. c /etc/yum/pluginconf.d/fastestmirror.conf S.5...... /bin/cpio S.5....T. c /etc/yum.repos.d/epel.repo Unsatisfied dependencies for httpd-2.2.15-59.el6.centos.x86_64: httpd-tools = 2.2.15-59.el6.centos is needed by httpd-2.2.15-59.el6.centos.x86_64 Unsatisfied dependencies for drupal7-7.54-1.el6.noarch: wget is needed by drupal7-7.54-1.el6.noarch Unsatisfied dependencies for php-xml-5.3.3-49.el6.x86_64: libexslt.so.0()(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1()(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1(LIBXML2_1.0.11)(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1(LIBXML2_1.0.13)(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1(LIBXML2_1.0.18)(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1(LIBXML2_1.0.22)(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 libxslt.so.1(LIBXML2_1.0.24)(64bit) is needed by php-xml-5.3.3-49.el6.x86_64 SM5....T. c /etc/ssh/sshd_config ..5...... /usr/lib64/liblzo2.so.2.0.0 ..5...... /lib64/libply-splash-core.so.2.0.0 ..5...... /lib64/libply.so.2.0.0 ..5...... /usr/lib64/libply-boot-client.so.2.0.0 S.5....T. c /etc/zabbix/zabbix_agentd.conf S.5....T. c /etc/nscd.conf ....L.... c /etc/pam.d/fingerprint-auth ....L.... c /etc/pam.d/password-auth ....L.... c /etc/pam.d/smartcard-auth ....L.... c /etc/pam.d/system-auth S.5....T. c /etc/security/limits.conf S.5...... /lib64/libnspr4.so ..5...... /lib64/libplc4.so ..5...... /lib64/libplds4.so S.5....T. c /etc/yum.conf S.5....T. c /etc/yum.repos.d/CentOS-Base.repo S.5....T. c /etc/hosts.deny S.5....T. c /etc/profile S.5....T. c /etc/sudoers S.5....T. c /etc/pam.d/su S.5....T. c /etc/rc.d/rc.local SM5....T. /etc/rc.local S.5....T. c /etc/sysctl.conf
改变权限:M
[root@DB ~]# rpmverify -Vf /bin/touch [root@DB ~]# rpm -qf /bin/touch coreutils-8.4-43.el6.x86_64 [root@DB ~]# vim /bin/touch [root@DB ~]# ll -h /bin/touch -rwxr-xr-x. 1 root root 47K May 11 2016 /bin/touch [root@DB ~]# chmod 777 /bin/touch [root@DB ~]# ll -h /bin/touch -rwxrwxrwx. 1 root root 47K May 11 2016 /bin/touch [root@DB ~]# rpmverify -Vf /bin/touch .M....... /bin/touch
如果恢复权限后:
[root@DB ~]# chmod 755 /bin/touch [root@DB ~]# ll -h /bin/touch -rwxr-xr-x. 1 root root 47K May 11 2016 /bin/touch [root@DB ~]# rpmverify -Vf /bin/touch #恢复权限后,壮态正常了
如果编辑一个文件,并增加内容,如果修改过来,修改时间就会变化:
[root@DB ~]# rpmverify -Vf /etc/ssh/sshd_config #增加内容 S.5....T. c /etc/ssh/sshd_config [root@DB ~]# vim /etc/ssh/sshd_config #去掉增加内容 [root@DB ~]# rpmverify -Vf /etc/ssh/sshd_config .......T. c /etc/ssh/sshd_config