Hi, > Is there any technology in fedora, that enables me to ensure that ALL > running code on a certain server (even code not installed from RPMs, such as > say by a legacy admin), has been signed by redhat, and to warn me about > un-signed code that is running or about to run. I am interested to verify a > server is in a "known-good" state I don't know of any « One True Solution », but you could use things like : $ rpm -qaV -> this will list all files modified _after_ they were installed via RPM $ rpm -qf <some file> -> this will tell you the package that this file belongs to You can then use the « --queryformat » option of RPM to get various informations about a package, for example where did it come from. For files installed not using RPM, I'm not sure how to verify this, but as Fedora only provides files in RPMs, I'm pretty confident that no file outside a RPM will be signed by Fedora. For RedHat, I have no idea, but you are on a Fedora mailing-list ;) ---------- Mathieu Bridon (bochecha) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list