Eternal 'good file hashes' list
Seth Vidal
skvidal at fedoraproject.org
Tue Oct 20 19:15:46 UTC 2009
On Tue, 20 Oct 2009, Ralf Ertzinger wrote:
> Hi.
>
> On Tue, 20 Oct 2009 19:37:39 +0200, nodata wrote
>
>> It sounds like a solution looking for a problem to me.
>
> Well, the problem is being able to determine whether the files on
> your system have been compromised, which seems like a sensible idea
> to me.
>
>> Here's a better idea:
>>
>> * Host the config files for each package online, retrievable by rpm
>> name and version of the package. This would allow diffs between what
>> is on the server and what was in the package.
>
> Or even better: keep the (compressed) config files in the RPM database.
> They're usually small and text, so the disk space used would not be
> all that great.
>
> Yes, I've wished for that in the past, too.
>
so I have an idea here - and you're welcome to ignore it - you could
implement a good bit of this system as a yum plugin.
Record original copies of the config files and tuck them away - heck you
could save off a copy of the pkg hdrs if you wanted to.
-sv
More information about the fedora-devel-list
mailing list