monitor remote rpm database

mnikhil m mnikhil.juno at gmail.com
Thu Dec 30 05:49:35 UTC 2004


Now I am  looking at other alternative
http://www.tripwire.org/ as someone informed me that  the rpm database
can be spoofed.

On Thu, 30 Dec 2004 11:18:26 +0530, mnikhil m <mnikhil.juno at gmail.com> wrote:
> Yup George :)
> I came to know that  crons does them the other day , when I was
> traversing through /etc/logrotate.d /etc/crons.daily
> 
> Hey I got the thing that  this below command will list the diff itself
> To report in a more human-readable format:
> # rpm -qa --last
> 
> var/log/rpmpkgs is created on a daily basis with an rpm listing.  It's
> then rotated weekly.  See /etc/cron.daily/rpm and /etc/logrotate.d/rpm.
> You could customize these reports if you wanted to.  To simply see
> what's changed this week:
> 
> # diff /var/log/rpmpkgs /var/log/rpmpkgs.1
> 
> 
> On Thu, 30 Dec 2004 00:46:06 -0400, Jorge Fábregas <fabregasj at prtc.net> wrote:
> > On Wednesday 29 December 2004 10:28 am, mnikhil m wrote:
> > > But my question stands as when did the exact change/or installation
> > > happen , and what is the significance of numerical extensions .1,.2,.3
> > > in each of the files as I tried to diff
> >
> > Hi,
> >
> > Ok, I just found out about /var/log/rpmpkgs.  I didn't know this file existed
> > at all.  I turns out that this file is placed by a job running via /etc/
> > cron.daily  (see the rpm script there). It is basically the output of:
> >
> > rpm -qa (q for query....a  for all)
> >
> > The files with extensions you see are created by logrotate via:
> >
> > /etc/logrotate.d/rpm
> >
> > which basically rotates the file based on the rules specified in the above
> > configuration file.
> >
> > I haven't think of a way to keep track if rpm's installed by the
> > users...Probably you'll need to create a script which will compare (using
> > diff) the rpmpkgs file with the previous day one...something like that. And
> > if you want to know WHEN exactly was it installed (hour, minute) that's
> > another thing. You'll have to investigate further (Google etc..).
> >
> > HTH,
> > Jorge
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >
>




More information about the fedora-list mailing list