rpm -V allows me to see what files in a package have been modified by checksum, group/owner, permissions, and I think even mtime/ctime? This is all great; however, if something does show up wrong, the only way to "fix" it from an rpm standpoint is to reinstall the whole package.

What I would love is the ability, provided you have access to the original rpm file, to "repair" the rpm install by only fixing what shows up as changed in the output from rpm -V. E.g. if a file had mode 644 originally but now shows 755, the repair would just put it back to 644 without copying all the other files.

To put this in context, I would use something like this in an environment where I had automated package management using a tool like cfengine or the like. For example, a host-based IDS (think tripwire) runs, or you even use rpm -V, and it detects a change. Depending on the change, back up the file for later forensic investigation and automatically replace it with the known good copy using the new rpm repair command. All of this is done while you are at home sleeping. :)

Of course I could do this now by reinstalling the whole package whenever I see a change, but that seems like such horrible overkill, and on big rpms, could be slow.

Would anyone else like this kind of feature or is there a better way to do something like this?

Thanks,
Aaron
_______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/rpm-list
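The triage step the message above asks for, as an added example that is not part of the original post and not rpm's own code: it parses rpm -V output and decides, per file, whether a metadata reset is enough or the content has to be backed up and restored from the original rpm. The action names, the policy of reviewing changed config files instead of overwriting them, and the sample lines are assumptions made for illustration.

```python
import re

# An rpm -V line: 8 or 9 result characters (letter = test failed, "." = passed,
# "?" = test not performed) or the word "missing", an optional attribute
# marker (c d g l r), then the file path.
LINE = re.compile(r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
                  r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
CONTENT = set("S5LD")   # size, digest, symlink target, device number
METADATA = set("MUGP")  # mode, user, group, capabilities

# Constructed sample output; the paths are made up.
SAMPLE = """\
S.5....T.  c /etc/example.conf
.M.......    /usr/bin/example
S.5....T.    /usr/sbin/exampled
missing      /usr/share/example/README
.......T.    /usr/lib/example/plugin.so
"""


def plan_repair(verify_output):
    """Map rpm -V output to one planned action per reported file."""
    plan = []
    for raw in verify_output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, dependency messages, anything unparsed
        flags, attr, path = m.group("flags", "attr", "path")
        failed = set() if flags == "missing" else set(flags) - set(".?")
        if flags == "missing":
            action = "restore-from-rpm"
        elif failed & CONTENT:
            # Assumed policy: config files are edited on purpose, so flag
            # them for review; anything else is kept as evidence and replaced.
            action = "review-config" if attr == "c" else "backup-then-restore-from-rpm"
        elif failed & METADATA:
            action = "reset-metadata"  # e.g. mode 755 back to 644, no file copy
        else:
            action = "ignore-mtime-only"
        plan.append({"path": path, "failed": "".join(sorted(failed)), "action": action})
    return plan


if __name__ == "__main__":
    for item in plan_repair(SAMPLE):
        print(f'{item["action"]:30} {item["failed"]:4} {item["path"]}')
```

The plan only classifies. Carrying out a restore-from-rpm action for a single path can be done by extracting just that file from the original package with rpm2cpio and cpio.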