ServerBuddies Support Blog

Display package information using rpm - RPM Package Manager

-i, –info
Display package information, including name, version, and description. This uses the –queryformat if one was specified.

-f, –file FILE
Query package owning FILE.

Description :
This package contains a system utility (passwd) which sets or changes passwords, using PAM (Pluggable Authentication Modules) library.

Verify Package Integrity Using RPM

The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database.

Although an attacker could corrupt the RPM database (analogous to attacking the AIDE database as described above), this check can still reveal modification of important files. To determine which files on the system differ from what is expected by the RPM database:

A “c” in the second column indicates that a file is a configuration file (and may be expected to change). In order to exclude configuration files from this list, run:

How to ensure Package Signature Checking is Globally Activated

The gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior to its installation.

To force yum to check package signatures before installing them, ensure that the following line appears in /etc/yum.conf in the [main] section:

How to manually Check for Package Updates

The following command prints a list of packages that need to be updated:

To actually install these updates, run:

How can I get yum to keep package at a certain version.

There are several ways you can do this.

One is to exclude it from your updates list. See man yum.conf for more details.
Another way to pin package to a certain version is to use the versionlock plugin.

If you are using the latest Fedora then the plugin can be installed using:

To add files that you want version locked, use the following yum command: