[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] rpm database integrity



On 2014-09-16 23:06, pinguin74 wrote:
> Hello,
> 
> at sans.org I read:
> 
> "The first thing to do is check the contents of /var/lib/rpm. The
> databases should have a date/time stamp of when you originally installed
> the system. If you see a different date, be suspect of the integrity of
> the databases."

Absurd.

> Well, on my system the time stamp of the files within /var/lib/rpm do
> not carry the time stamp from original installation, the time stamp seem
> to be the last time I installed some new stuff with YaST.

Correct.

> But, the time stamp of the directory /var/lib/rpm itself actually is the
> original time from installation.

Nope.

Mine says "Dec 19  2013", which is not the installation date, which I
know was about Dec 2002. It could the the last system upgrade, but that
was on 2014-02-25.

So no, that directory timestamp is not the system installation date.
Maybe on some circumstances it is.

> I now wonder, does sans.org tell us something not entirely correct?

I don't know what they say about other things, but in this particular
thing, and at least on openSUSE, they are absolutely wrong.


> When you install stuff, doesn´t the time stamps change below /var/lib/rpm ?

They do.


-- 
Cheers / Saludos,

		Carlos E. R.
		(from 13.1 x86_64 "Bottle" at Telcontar)

Attachment: signature.asc
Description: OpenPGP digital signature