To verify an installed package against a RPM, use:
rpm -Vp packagename.rpm
This of course is trivial for an attacker to circumvent, the RPM database is not really protected at all.
Burn it on a CD-R along with your tripwire database as soon as you have installed and configured your system, but before you bring up the network connections or allow anyone to log in on the console. And make sure no hacker can swap the CD-R around for one of his own making after compromising your system... :o) Cheers! Yuri. -------------------------------------------------------------------------- drs. Yuri Robbers phone : +31-71-527-4966 Leiden University fax : +31-71-527-4900 Institute for Theoretical Biology email : robbers@rulsfb.leidenuniv.nl Kaiserstraat 63 2311 GP Leiden PGP 5.0 public key available: the Netherlands Check your favourite hkp server. --------------------------------------------------------------------------