为rpm -V检测到的文件更改获取差异

10

我有一个已被篡改的安装,并且我想找出确切的更改。

我可以跑

rpm -V MY_PACKAGES

这给了我一个修改过的文件列表。现在,我正在寻找一种方便的方式来查看与原始rpm(我已经可用)的差异(假设所有文件都具有文本内容)。

考虑到我正在处理约20个软件包和约200个更改的文件,这是最简单的方法。是否有类似“ rpm diff”的内容???

rpm 
亚历克斯·克劳斯
source

Answers:

9 
#
# Install yumdownloader 
#
yum install yum-utils

#
# search modified files (in this case: from pam_ldap)
#
rpm -V pam_ldap
S.5....T.  c /etc/pam_ldap.conf

#
# make tmp-dir and download rpm
#
mkdir Temp
cd Temp
yumdownloader pam_ldap

#
# extract rpm to current folder
#
rpm2cpio pam_ldap-185-11.el6.x86_64.rpm  | cpio -idmv

#
# check diff
#
diff etc/pam_ldap.conf /etc/pam_ldap.conf


rpm -V explained: 

    c %config configuration file.
    d %doc documentation file.
    g %ghost file (i.e. the file contents are not
    included in the package payload).
    l %license license file.
    r %readme readme file.

    S file Size differs
    M Mode differs (includes permissions and file type)
    5 MD5 sum differs
    D Device major/minor number mismatch
    L readLink(2) path mismatch
    U User ownership differs
    G Group ownership differs
    T mTime differs
乔娜
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.