RE: monitor remote rpm database

Hi Ed :),
But how can it be spoofed, as I see that no user has write permissions on /var/lib/rpm?
Hmmmm. I know you are talking about local sudo users who can have anything with the system ...
but what is the necessary change that you would suggest in the /etc/sudoers file so that no one except genuine root has write permissions on these files?



-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Ed Wilts
Sent: Wednesday, December 29, 2004 8:01 PM
To: General Red Hat Linux discussion list
Subject: Re: monitor remote rpm database


On Wed, Dec 29, 2004 at 07:36:24PM +0530, Mulley, Nikhil wrote:
> I want to know how I can monitor a remote machine's rpm database, so
> that whenever a user on that machine installs a new rpm on the
> system, thinking that I have root access to the remote machine.

If you have root access on the system, one easy way to do it is to
simply run rpm on the remote box and see what's been recently installed.  

To report in machine readable format:
# rpm -qa --queryformat '%{installtime} %{name}\n'

To report in a more human-readable format:
# rpm -qa --last

In both cases, you are explicitly trusting the rpm database to tell you
which packages were recently installed.  This is not to be used as a
security audit since this information could easily be spoofed.

> when I tried to search in install.log, which is in the /root directory, it
> is created only when the distribution is installed and thereby not
> updated,

/var/log/rpmpkgs is created on a daily basis with an rpm listing.  It's
then rotated weekly.  See /etc/cron.daily/rpm and /etc/logrotate.d/rpm.
You could customize these reports if you wanted to.  To simply see
what's changed this week:

# diff /var/log/rpmpkgs /var/log/rpmpkgs.1

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list