
I need to verify that access (mode, owner) to all(!) binaries on a Solaris 10 box is in accordance with the package that they came from. I could do something like

/usr/bin/find / -type f -perm -u+x,g+x,o+x -exec ls -l {} \; > /tmp/binaries.txt

and then iterate over the list and check with

pkgchk -l -p /path/to/binary

that the file is compliant. Of course, this could be scripted, but still this takes quite some time. I was wondering if there would be a tool or something that lets me go the other way around: for each package installed, check that its content is on disk like it was originally defined in the package (mode and ownership).

Isaac

1 Answer


Yes, and that utility is also pkgchk, if you don't use the -p option to limit it to certain pathnames, but instead specify either the set of package names to check, or let it default to checking all packages installed on the machine. From the man page:

The first synopsis defined above is used to list or check the contents and/or attributes of objects that are currently installed on the system, or in the indicated pkgmap. Package names may be listed on the command line, or by default, the entire contents of a machine will be checked.

So the syntax to handle 'for each package installed, check that its content is on disk like it was originally defined in the package (mode and ownership)' would simply be:

pkgchk -a

(The -a tells it to just check mode & ownership, not contents. If you remove it to check contents as well, then you'll want to add -n to not check contents of editable files that are expected to change, such as config files.)

alanc
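
One way to triage the report that `pkgchk -a` produces on a large system, as an added example that is not part of the original answer. It assumes the usual report layout (an `ERROR: <path>` line followed by indented `<value> expected <value> actual` lines); the function names, the sample paths and the HIGH/REVIEW labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn pkgchk findings into one line per deviation:
#   SEVERITY|path|attribute|expected|actual
# HIGH   = installed mode gained setuid, setgid, group-write or other-write
#          compared with the mode recorded for the package.
# REVIEW = any other deviation (owner, group, tighter mode, missing path).

pkgchk_triage() {
    awk '
    # is bit b (4, 2 or 1) set in octal digit d
    function bit(d, b) { return int(d / b) % 2 }
    # i-th digit of mode m after left-padding it to four octal digits
    function digit(m, i) { m = substr("0000" m, length(m) + 1); return substr(m, i, 1) + 0 }
    # bit b of digit i is set on disk (have) but not in the package (want)
    function added(want, have, i, b) { return bit(digit(have, i), b) && !bit(digit(want, i), b) }

    /^ERROR: / { path = substr($0, 8); next }
    / expected <.*> actual$/ {
        line = $0; sub(/^[ \t]+/, "", line)
        attr = line; sub(/ *<.*/, "", attr)
        split(line, f, /[<>]/)            # f[2] = expected, f[4] = actual
        sev = "REVIEW"
        if (attr == "permissions" &&
            (added(f[2], f[4], 1, 4) || added(f[2], f[4], 1, 2) ||
             added(f[2], f[4], 3, 2) || added(f[2], f[4], 4, 2)))
            sev = "HIGH"
        print sev "|" path "|" attr "|" f[2] "|" f[4]
        next
    }
    /^[ \t]+[^ \t]/ {                     # other messages, e.g. a missing path
        msg = $0; sub(/^[ \t]+/, "", msg)
        print "REVIEW|" path "|" msg "||"
    }'
}

# Constructed sample report (not captured from a real system).
sample_report() {
    cat <<'EOF'
ERROR: /opt/example/bin/tool
    permissions <0555> expected <4755> actual
    owner name <root> expected <nobody> actual
ERROR: /opt/example/etc/app.conf
    permissions <0644> expected <0600> actual
ERROR: /opt/example/lib/libx.so.1
    pathname does not exist
EOF
}

sample_report | pkgchk_triage
```

On the Solaris 10 box itself, feed it with `pkgchk -a 2>&1 | pkgchk_triage` and substitute `nawk` or `/usr/xpg4/bin/awk` for `awk`, because `/usr/bin/awk` there is the old awk without user-defined functions.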