I am trying to locate a tool, not unlike either the "sfc" command on Windows or the "sysck" command on AIX, which can verify that the file contents, ownerships and permissions are correct. The "replace damaged or missing files" functionality in "sfc" isn't what I'm looking for, it's the "verify that all the right parts are in all the right places" capabilities.

The task I'm trying to perform is verifying that a number of different installation and upgrade paths to a specific software release on an embedded Linux product reach the same overall filesystem state -- all the required files and directories exist, have the correct contents (as told by md5sums or similar), owner, group and permissions.

A collection of individual commands -- find, stat, test, etc. -- isn't what I'm looking for. I'm looking for a TOOL, such as either of the ones I mentioned above.

I've searched high and low, but so many of the searches turn up "fsck" that any positive hits are being buried.

Julie in Austin
  • Could you elaborate a bit on your situation? Are you writing from the perspective of a software vendor needing to ensure that users of your software have a working configuration? Or rather as a sysadmin needing to check against a known-good state periodically for security/reliability reasons? – the-wabbit May 09 '12 at 21:02
  • More of a hardware vendor, though it's an embedded product based on Linux, so all of the files that are used by the firmware and embedded application need to be verified. – Julie in Austin May 09 '12 at 21:05

5 Answers


You are probably looking for a host-based IDS like Tripwire - it is capable of checking permissions, ownerships and filesystem checksums against a custom policy. Windows SFC does essentially the same thing but on a periodic basis and with a policy which is predefined by Microsoft and cannot be changed by the system's administrator.

Unfortunately, you essentially would have to do manual change runs for the file hash and permission database each time you update your system as major distros would not provide you with pre-populated databases for system integrity verification:

[Figure: Tripwire graph, from the Red Hat docs]

(taken from http://www.centos.org/docs/2/rhl-rg-en-7.2/ch-tripwire.html)

  • 1
    I'll look at tripwire, but my impression whenever I've looked at it is that it's too heavy-weight for what I'd like to do with it. – Julie in Austin May 09 '12 at 20:28
  • @JulieinAustin I don't think so. The handling can be cumbersome, but what you ask for is exactly what Tripwire is doing. – the-wabbit May 09 '12 at 20:33
  • Tripwire does a lot more than what I need. I'm going to see how much of it I can ignore, and go from there. I need the tool to verify that multiple different upgrade paths for an embedded Linux product produce consistent and correct results. – Julie in Austin May 09 '12 at 20:39
  • 3
    @JulieinAustin: If you are such a code wizard as you claim, stringing something together with just a bit of Perl (or whatever you like) that does exactly what you want should be easy. In the end, you just need to traverse the file system, record permissions and checksums, store the info or compare it to the stored info. – Sven May 09 '12 at 20:53
  • @SvenW: I've considered doing just that. However, downloading a pre-existing tool that's already been tested and documented is often much easier than rolling a tool myself. – Julie in Austin May 09 '12 at 21:02
  • The RPM database stores md5sums and permissions info for packages (see the man page). If tripwire seems a bit OTT, then have a look at lids, or write a 5 line bash script around md5sum – symcbean May 09 '12 at 21:33
  • 1
    Apparently this is still a popular question to view. Based on the suggestion to use Tripwire, as well as the various RPM suggestions, I created a Debian package for our files, then used the Debian tools to check both our files and the "stock" Debian files I was installing. – Julie in Austin Mar 15 '18 at 17:31
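The approach described in the comments above (walk the file system, record permissions and checksums, compare against stored info), applied to the question's task of comparing the results of two upgrade paths. This is an added example, not part of the original thread or of any tool named in it. It assumes SHA-256 in place of md5sums, and the tree layout and file names in demo() are constructed.

```python
import hashlib, os, stat, tempfile

FIELDS = ("type", "mode", "uid", "gid", "content")

def manifest(root):
    """Map each relative path under root to (type, mode, uid, gid, content)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            kind = stat.filemode(st.st_mode)[0]  # '-', 'd', 'l', 'c', 'b', 'p' or 's'
            if kind == "-":
                with open(full, "rb") as fh:  # whole-file read: fine for firmware-sized files
                    content = hashlib.sha256(fh.read()).hexdigest()
            elif kind == "l":
                content = os.readlink(full)
            else:  # directories have rdev 0; device nodes record their device number
                content = str(st.st_rdev)
            entries[os.path.relpath(full, root)] = (kind, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
    return entries

def compare(reference, candidate):
    """Return sorted (path, problem) pairs; an empty list means the trees match."""
    findings = []
    for path in sorted(set(reference) | set(candidate)):
        if path not in candidate:
            findings.append((path, "missing"))
        elif path not in reference:
            findings.append((path, "unexpected"))
        else:
            diff = [f for f, a, b in zip(FIELDS, reference[path], candidate[path]) if a != b]
            if diff:
                findings.append((path, ",".join(diff)))
    return findings

def demo():  # constructed sample: two small trees standing in for two upgrade paths
    with tempfile.TemporaryDirectory() as tmp:
        for tree, body, mode in (("ref", b"v2\n", 0o755), ("cand", b"v1\n", 0o700)):
            os.makedirs(os.path.join(tmp, tree, "etc"))
            with open(os.path.join(tmp, tree, "etc", "app.conf"), "wb") as fh:
                fh.write(body)
            run = os.path.join(tmp, tree, "run.sh")
            open(run, "wb").close()
            os.chmod(run, mode)
        open(os.path.join(tmp, "cand", "core"), "wb").close()
        return compare(manifest(os.path.join(tmp, "ref")), manifest(os.path.join(tmp, "cand")))

if __name__ == "__main__":
    print(demo())
```

Run manifest() against each mounted image as root so every file is readable; an empty list from compare() means both paths reached the same state.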

The closest thing I can think of (on Red Hat based systems) is rpm -aV. This is the verify portion of rpm, which will attempt to check that md5 sums, file modes and ownerships are correct for files that are listed as part of the package being inspected; with -a you can do every package which makes up the system.

rpm -aV

If you want to fix permissions and modes of packages (all is a bit dangerous possibly):

rpm --setperms --setugids -a

But the best way to make this work is to run rpm -aV, check the output and ensure / account for any anomalous results each package/file produces. Then on the files/packages that produce errors you can then either reinstall the package (if files differ) or reset the uids/gids/mode on the package provided in the verify output.

Matthew Ife
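One way to account for the verify output described in the answer above, as an added example that is not part of the original answer. It parses rpm -V result lines (flag characters as documented in the rpm man page) and maps each file to the follow-up the answer mentions; the action labels, the choice to skip mtime-only changes, and the sample paths are assumptions of this example.

```python
import re

# Flag characters of an `rpm -V` result line, per the rpm man page.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
CONTENT = {"missing", "size", "digest", "symlink", "device", "capabilities"}

def parse_verify(output):
    """Yield (path, is_config, failed_tests) for each result line of rpm -V."""
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:  # anything else (e.g. dependency messages) is skipped
            flags, attr, path = m.groups()
            failed = {"missing"} if flags == "missing" else {FLAGS[c] for c in flags if c in FLAGS}
            yield path, attr == "c", failed

def triage(output):
    """Map each path to follow-up actions; paths with only an mtime change are dropped."""
    plan = {}
    for path, is_config, failed in parse_verify(output):
        actions = []
        if failed & CONTENT:
            edited = is_config and "missing" not in failed  # a changed config file may be intentional
            actions.append("review config edit" if edited else "reinstall package")
        if "mode" in failed:
            actions.append("rpm --setperms")
        if failed & {"user", "group"}:
            actions.append("rpm --setugids")
        if actions:
            plan[path] = actions
    return plan

# Constructed sample output; the paths are hypothetical.
SAMPLE = """\
S.5....T.  c /etc/app/app.conf
.M.......    /usr/bin/appd
.....UG..    /var/lib/app/state.db
missing      /usr/lib/app/plugin.so
..5....T.    /usr/sbin/appctl
.......T.    /usr/share/doc/app/README
"""

if __name__ == "__main__":
    for path, actions in triage(SAMPLE).items():
        print(path, "->", ", ".join(actions))
```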

Use find + stat combination to get the desired results.

Eg: find /path -type f -exec stat {} \;

  # stat RTM_hpc.txt

  File: `RTM_hpc'
  Size: 2361        Blocks: 8          IO Block: 4096   regular file
  Device: 822h/2082d    Inode: 1059093     Links: 1
  Access: (0644/-rw-r--r--)  Uid: (  500/  chakri)   Gid: (  100/   users)
  Access: 2011-12-08 14:07:42.028802069 -0600
  Modify: 2011-05-31 08:18:46.000000000 -0500
  Change: 2011-07-19 09:09:03.952958097 -0500
  • The "correct" answer needs to be a command-line executable tool, not a collection of commands that would have to be strung into a script. – Julie in Austin May 09 '12 at 20:29
  • 2
    Julie, perhaps you're new to Unix. Stringing commands together on a single line is absolutely normal; in fact, it's very common. – mfinni May 09 '12 at 20:31
  • http://en.wikipedia.org/wiki/Unix_philosophy : specifically, Rule of Composition – mfinni May 09 '12 at 20:33
  • @mfinni: I've been using UNIX for 31 years. Trust me -- you use a lot more code I've written, than I use code you've written ;) – Julie in Austin May 09 '12 at 20:40
  • 2
    OK, there you go. If using pipes and such isn't an acceptable answer, explain why in your question, so that you'll get answers that will correctly address your problem. – mfinni May 09 '12 at 20:44

How is the "everything in the right place" defined?

rsync -av --dry-run, probably with -c and --numeric-ids against a reference copy of the filesystem, might do fine for some use cases.


Maybe you could use rkhunter for what you need. It checks the permissions and hashes against a database, but it's meant more for finding rootkits. Tripwire would be better, but if you need something more simple.
