For those who have been handed the keys to a system and simply been told, “It’s not working”, it can be very useful to know what files have been modified from the stock installation of the system.

If you are working with an RPM-based installation, such as Suse Linux Enterprise Server, the following command (by way of Linux Journal) can be very useful:

rpm -qa | xargs rpm --verify --nomtime | less

This command will spit out output that looks roughly like this:

missing     /usr/local/src
  .M......    /bin/ping6
  .M......    /usr/bin/chage
  .M......    /usr/bin/gpasswd
  ....L...  c /etc/pam.d/system-auth
  .M......    /usr/bin/chfn
  .M......    /usr/bin/chsh
  S.5.....  c /etc/rc.d/rc.local
  S.5.....  c /etc/sysctl.conf
  S.5.....  c /etc/ssh/sshd_config
  S.5.....  c /etc/updatedb.conf

A quick look through the man pages will tell you what the flags mean:

  c %config configuration file.
  d %doc documentation file.
  g %ghost file (i.e. the file contents are not
    included in the package payload).
  l %license license file.
  r %readme readme file.

  S file Size differs
  M Mode differs (includes permissions and file type)
  5 MD5 sum differs
  D Device major/minor number mismatch
  L readLink(2) path mismatch
  U User ownership differs
  G Group ownership differs
  T mTime differs

So, in our sample output you can quickly determine that the configuration file for the OpenSSH daemon (/etc/ssh/sshd_config) has been modified, along with several others.

This can give you a quick insight into the state of the system, and may allow you to trace down the source for any errors more efficiently

Last 3 posts by Rick