[opensuse-security] rpm database integrity
Hello, at sans.org I read: "The first thing to do is check the contents of /var/lib/rpm. The databases should have a date/time stamp of when you originally installed the system. If you see a different date, be suspect of the integrity of the databases." Well, on my system the time stamp of the files within /var/lib/rpm do not carry the time stamp from original installation, the time stamp seem to be the last time I installed some new stuff with YaST. But, the time stamp of the directory /var/lib/rpm itself actually is the original time from installation. I now wonder, does sans.org tell us something not entirely correct? When you install stuff, doesn´t the time stamps change below /var/lib/rpm ? Thanks
On 2014-09-16 23:06, pinguin74 wrote:
Hello,
at sans.org I read:
"The first thing to do is check the contents of /var/lib/rpm. The databases should have a date/time stamp of when you originally installed the system. If you see a different date, be suspect of the integrity of the databases."
Absurd.
Well, on my system the time stamp of the files within /var/lib/rpm do not carry the time stamp from original installation, the time stamp seem to be the last time I installed some new stuff with YaST.
Correct.
But, the time stamp of the directory /var/lib/rpm itself actually is the original time from installation.
Nope. Mine says "Dec 19 2013", which is not the installation date, which I know was about Dec 2002. It could the the last system upgrade, but that was on 2014-02-25. So no, that directory timestamp is not the system installation date. Maybe on some circumstances it is.
I now wonder, does sans.org tell us something not entirely correct?
I don't know what they say about other things, but in this particular thing, and at least on openSUSE, they are absolutely wrong.
When you install stuff, doesn´t the time stamps change below /var/lib/rpm ?
They do. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (2)
-
Carlos E. R. -
pinguin74