25

On a RedHat/CentOS system, I can verify the installed RPMs on my system using rpm -V.

What is the Ubuntu or apt equivalent of this command?

Jonathon
  • 2,441
  • 16
  • 16
Stefan Lasiewski
  • 4,120
  • 6
  • 30
  • 34

2 Answers2

29

The package "debsums" is what you want to install to perform hash checks against installed packages.

For example, to check for changed files:

sudo debsums -c

Note that not all packages ship with md5sum file lists. You can see a list of those on your system with:

sudo debsums -l
Kees Cook
  • 17,243
  • 9
  • 68
  • 96
  • "debsums -l" is the same as "debsums --list-missing" so it will list all packages without checksums. – driax Dec 31 '13 at 21:49
8

To followup to what Kees said, to deal with packages that don't include a buildtime generated debsums md5sum file, by default the debsums package also installs an apt hook to generate a debsums as part of the package installation process. Thus, one way to generate the debsums file for those packages that are missing them is to apt-get install --reinstall them.

Steve Beattie
  • 1,141
  • 6
  • 14
  • Thanks for the tip! I always assumed that the system would keep it's own list of signatures. I notice that Ubuntu `binutils` (which includes `ld` and some core tools) doesn't include a signature, which seems unwise considering that these linker tools are at the core of the system, and we need to ensure that these tools are never modified or comprimised. – Stefan Lasiewski Oct 25 '10 at 20:16
  • 5
    I found a simpler way to generate debsums for those packages that are missing them. The command `sudo debsums_init` will do the heavy lifting for you. It will download the packages from the repository, and will generate the md5sums for you. – Stefan Lasiewski Oct 25 '10 at 22:47