Package Related Commands, Integrity Check


Table of Contents

cmd:debsums 
Info 
Description 
Comments 
Help 
Read-only root fs 

cmd:debsums 

Info 

debsums - check the MD5 sums of installed Debian packages

Description 

Verify installed Debian package files against MD5 checksum lists from /var/lib/dpkg/info/*.md5sums.

debsums can generate checksum lists from deb archives for packages that don't include one.

Comments 

debsums is intended primarily as a way of determining what installed files have been locally modified by the administrator or damaged by media errors and is of limited use as a security tool.

If you are looking for an integrity checker that can run from safe media, do integrity checks on checksum databases, and be easily configured to run periodically to warn the admin of changes, see other tools such as aide, integrit, samhain, or tripwire.
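
The check described under Description, reduced to a short shell function. This is an added example, not part of debsums or of the original page. The names check_md5sums and demo, the output format, and the sample package "foo" are constructed for illustration.

```shell
#!/bin/sh
# Added example (not debsums itself): the core check, reduced to one function.
# check_md5sums ROOT LIST  -- name and output format are this example's own.
#   LIST uses the dpkg .md5sums layout: "<md5hex>  <path relative to ROOT>".
#   Prints "FAILED <path>" or "MISSING <path>"; returns 0 if clean, 1 if not.
check_md5sums() {
    root=$1; list=$2; status=0
    while read -r want path; do
        [ -n "$want" ] || continue            # skip blank lines
        file="$root/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "FAILED $path"; status=1
        fi
    done < "$list"
    return "$status"
}

# Constructed sample: a throwaway root holding two files of a made-up
# package "foo", with a list recorded before the files are touched.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/root/usr/bin" "$tmp/root/etc"
    printf 'original binary\n' > "$tmp/root/usr/bin/foo"
    printf 'shipped config\n'  > "$tmp/root/etc/foo.conf"
    ( cd "$tmp/root" && md5sum usr/bin/foo etc/foo.conf ) > "$tmp/foo.md5sums"
    printf 'edited locally\n' > "$tmp/root/usr/bin/foo"   # local modification
    rm "$tmp/root/etc/foo.conf"                           # file lost to damage
    rc=0
    # The verdict is only as good as the list: here it was taken before the
    # change; on a live system it sits on the same disk as the files.
    check_md5sums "$tmp/root" "$tmp/foo.md5sums" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo: differences found (status $?)"
```

Pointing LIST at a copy kept on read-only or offline media is what the tools named above (aide, integrit, samhain, tripwire) build on.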

Help 

Usage 

debsums -l
       List installed packages with no checksums.
debsums -ce
       List changed configuration files.
debsums -c
       List changed package files (excluding configuration files)
       from all installed packages with checksums.
debsums foo bar
       Check the sums for installed packages foo and bar.
debsums foo.deb bar.deb
       As above, using checksums from (or generated from) the archives.

Quick Help 

 Usage: debsums [OPTIONS] [PACKAGE|DEB] ...

Options:
 -a, --all                    check configuration files (normally excluded)
 -e, --config                 check only configuration files
 -c, --changed                report changed files (implies -s)
 -l, --list-missing           list packages which don't have an md5sums file
 -s, --silent                 only report errors
 -m, --md5sums=FILE           read list of deb checksums from FILE
 -r, --root=DIR               root directory to check (default /)
 -d, --admindir=DIR           dpkg admin directory (default /var/lib/dpkg)
 -p, --deb-path=DIR[:DIR...]  search path for debs
 -g, --generate=[all][,keep[,nocheck]]
                              generate md5sums from deb contents
     --no-locale-purge        warn on locale files even if locale-purge is used
     --help                   print this help, then exit
     --version                print version number, then exit

Config Help 

-p, --deb-path=dir[:dir...]
       Directories  in  which to look for debs derived from the package
       name (default is the current directory).
DPkg::Post-Invoke {
    "debsums --generate=nocheck -sp /var/cache/apt/archives";
};
       /etc/apt/apt.conf fragment to generate missing  checksums  after
       upgrade/install.

The command:

apt-get --reinstall --download-only install `debsums -l`

may be used to populate the cache with any debs not already in the cache.

[Note]

This doesn't work for CD-ROM and other local sources as packages are not copied to /var/cache. Simple file sources (all debs in a single directory) should be added to the -p list.

documented on: 2006.06.28