Archive for the tag 'rpm'

SBDavid

RPM verification

To display a list of all keys installed for RPM verification, run rpm -qa gpg-pubkey*

The output will look similar to the following:

[centos@centos ~]$ sudo rpm -qa gpg-pubkey*
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-6b8d79e6-3f49313d
[centos@centos ~]$

To check the details of a key, run rpm -qi followed by the key name:

[centos@centos ~]$ rpm -qi gpg-pubkey-c105b9de-4e0fd3a3
Name : gpg-pubkey Relocations: (not relocatable)
Version : c105b9de Vendor: (none)
Release : 4e0fd3a3 Build Date: Fri 04 Nov 2011 09:37:15 PM IST
Install Date: Fri 04 Nov 2011 09:37:15 PM IST Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(CentOS-6 Key (CentOS 6 Official Signing Key) )
Description :

To check the signature of a package file, run rpm -K on it. If the GPG signature verifies successfully, the output ends with gpg OK:

[centos@centos ~]$ rpm -K ./Downloads/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
./Downloads/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
[centos@centos ~]$
SBDavid

Verifying Signed RPM Package

Verifying Signed Packages

All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Red Hat Enterprise Linux does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.

If the disc is mounted in /mnt/cdrom, use the following command to import the Red Hat GPG key into the keyring (a database of trusted keys on the system):

rpm --import /mnt/cdrom/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the following command:

rpm -qa gpg-pubkey*

The output will look similar to the following:

gpg-pubkey-db42a60e-37ea5438

To display details about a specific key, use the rpm -qi command followed by the output from the previous command, as in this example:

rpm -qi gpg-pubkey-db42a60e-37ea5438

Using RPM Verify to Monitor Changes to System Files

It is important for administrators of critical server systems to be able to track changes to files on their systems. Tracking file changes helps detect accidental or malicious modifications such as viruses, root kits, or hacking activity. RPM, the package management system used for all RPM-based Linux distributions, provides an easy mechanism for tracking these changes. When a package is installed, the RPM database stores information about each file belonging to that package, including the size, date, and MD5 sum, among others. This data can later be compared to the existing files on the system to detect any changes.

Verifications are performed with the rpm command and the -V flag. This command should be executed as root so that all file attributes can be read from the system without file permissions getting in the way. For example:

To verify all files in the RPM database:

# rpm -Va

To verify all files belonging to a package, packagename:

# rpm -V packagename

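To verify all files belonging to a particular RPM file (local, FTP, HTTP), add the -p option so that rpm reads the package file instead of looking up an installed package name:

# rpm -Vp path_to_the_file.rpm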

All applicable files are checked, and any discrepancies are shown. The output is a string of eight characters, followed by an optional attribute marker. The string of eight characters indicates changes in size, permissions, MD5 sum, etc.

S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mis-match
L readLink(2) path mis-match
U User ownership differs
G Group ownership differs
T mTime differs

For example:

S.5....T c /etc/wvdial.conf

This example shows that the configuration file, /etc/wvdial.conf, has a different size, MD5 sum, and modified time than the RPM database has on record. In this case, this is probably okay: it is a configuration file, and it is normal for configuration files to change.
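One way to triage this output, as an added example that is not part of the original post: the function below reads rpm -Va lines and reports only non-configuration files whose contents, mode or ownership changed, plus missing files. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: filter `rpm -Va` output down to the entries worth a closer look.
# Real use (as root):  rpm -Va | rpm_verify_triage

rpm_verify_triage() {
    awk '
    {
        slash = index($0, " /")           # the path starts at the first " /"
        if (slash == 0) next              # not a verify line
        path = substr($0, slash + 1)      # keeps paths that contain spaces
        n = split(substr($0, 1, slash - 1), head, " ")
        flags = head[1]                   # e.g. S.5....T, or the word "missing"
        marker = (n >= 2) ? head[2] : "-" # optional attribute marker, e.g. c
        if (flags == "missing") { print "MISSING " path; next }
        if (marker == "c") next           # config files are expected to change
        if (flags ~ /5/)          print "CONTENT " path   # digest differs
        else if (flags ~ /[MUG]/) print "PERMS " path     # mode, user or group
    }'
}

# Constructed sample input in the format described above.
sample_verify_output() {
    cat <<'EOF'
S.5....T c /etc/wvdial.conf
S.5....T   /usr/bin/ssh
.M......   /usr/sbin/sshd
.......T d /usr/share/doc/foo/README
missing    /usr/bin/passwd
EOF
}

sample_verify_output | rpm_verify_triage
```

A changed digest on a binary or library that is not a configuration file is the case that deserves investigation first; timestamp-only differences are filtered out here.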

How to install Red Hat GPG key for RPM verification.

If the Red Hat GPG key is not installed, install it from a secure, static location, such as a Red Hat installation CD-ROM or DVD.

All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Red Hat Enterprise Linux does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.

Use the following command to import it into the keyring (a database of trusted keys on the system):

rpm --import /mnt/cdrom/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the following command:

rpm -qa gpg-pubkey*

It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:

rpm -K /tmp/updates/*.rpm
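
An added example (not from the original post) that classifies rpm -K output lines, covering the gpg OK case shown earlier as well as unsigned and failing packages; it goes beyond the page by also accepting the "digests signatures OK" wording printed by newer rpm releases. The function names, file names and sample lines are constructed.

```sh
#!/bin/sh
# Added example: classify `rpm -K` results.
# Real use:  rpm -K /tmp/updates/*.rpm | classify_rpm_k
# An unsigned package still ends in "OK" (only its digests were checked),
# so looking for "OK" alone does not prove a signature was verified.

classify_rpm_k() {
    awk '
    {
        sep = index($0, ": ")             # "<file>: <checks> OK"
        if (sep == 0) next
        file = substr($0, 1, sep - 1)
        result = substr($0, sep + 2)
        n = split(result, tok, " ")
        if (result ~ /NOT OK/ || tok[n] != "OK") { print "FAILED " file; next }
        signed = 0
        for (i = 1; i < n; i++)
            if (tok[i] == "gpg" || tok[i] == "pgp" || tok[i] == "signatures")
                signed = 1
        status = signed ? "VERIFIED" : "UNSIGNED"
        print status " " file
    }'
}

# Constructed sample lines; the key ID in the third line is a placeholder.
sample_rpm_k_output() {
    cat <<'EOF'
/tmp/updates/signed-1.0-1.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
/tmp/updates/unsigned-1.0-1.x86_64.rpm: sha1 md5 OK
/tmp/updates/unknownkey-1.0-1.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
/tmp/updates/newer-1.0-1.x86_64.rpm: digests signatures OK
/tmp/updates/newer-unsigned-1.0-1.x86_64.rpm: digests OK
EOF
}

sample_rpm_k_output | classify_rpm_k
```

Only packages reported as VERIFIED were checked against a key in the RPM keyring; UNSIGNED and FAILED packages should not be installed until their origin is confirmed.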
SBDavid

Disabling services in RPM distros

There are several services running by default that may be safely disabled. First, we’ll generate a list of services that are enabled at runlevel 3.

chkconfig --list | awk '/3:on/ { print $1 }'

We will disable the following services:

gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd

for SERVICE in gpm kudzu netfs anacron atd apmd pcmcia nfslock isdn autofs portmap rhnsd
do
    /sbin/chkconfig "$SERVICE" off
    /sbin/service "$SERVICE" stop
done
