cat /var/lib/dpkg/info/*.md5sums|grep usr/sbin/sshd|sed 's,usr,/usr,'|md5sum -c

Verify a file has not been tampered with since dpkg installation

Replace "usr/sbin/sshd" with the file you would like to check. If you are doing this due to intrusion, you obviously would want to check size, last modification date and md5 of the md5sum application itself. Also, note that "/var/lib/dpkg/info/*.md5sums" files might have been tampered with themselves. Needless to say, this is a useful command.
Sample Output
/usr/sbin/sshd: OK

0
By: Ztyx
2013-03-12 11:20:48
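
A stricter variant of the check above, as an added example that is not part of the original post: it compares the path field exactly instead of matching a substring, and reports "not listed" and "missing" separately from a checksum mismatch. The function name, its return codes and the optional info-directory and root-prefix arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original poster's command.
# verify_dpkg_file PATH [INFO_DIR] [ROOT]
#   INFO_DIR: directory holding the *.md5sums files (default /var/lib/dpkg/info)
#   ROOT:     prefix for PATH, e.g. a mounted disk image (default: empty)
# Return codes (assumed for this example):
#   0 = matches, 1 = mismatch, 2 = not listed, 3 = listed but missing/unreadable
verify_dpkg_file() {
    path="/${1#/}"  # accept the path with or without a leading slash
    info_dir=${2:-/var/lib/dpkg/info}
    root=${3:-}
    rel=${path#/}   # entries are stored without the leading slash

    # Each line is "<md5><two spaces><relative path>". Compare the whole path
    # field so that usr/sbin/sshd does not also select usr/sbin/sshd-helper.
    want=$(REL="$rel" awk '
        { name = substr($0, length($1) + 3) }
        name == ENVIRON["REL"] { print $1 }
    ' "$info_dir"/*.md5sums 2>/dev/null) || :

    if [ -z "$want" ]; then
        echo "$path: not listed in any .md5sums file"
        return 2
    fi
    if [ ! -r "$root$path" ]; then
        echo "$path: listed but missing or unreadable"
        return 3
    fi

    have=$(md5sum < "$root$path" | cut -d' ' -f1)
    # More than one package may list the same path; accept any recorded sum.
    if printf '%s\n' "$want" | grep -qxF "$have"; then
        echo "$path: OK"
        return 0
    fi
    echo "$path: FAILED (recorded $(echo $want), computed $have)"
    return 1
}

if [ $# -gt 0 ]; then
    verify_dpkg_file "$@"
fi
```

Like the one-liner, this trusts both the .md5sums files and the md5sum binary it runs.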

These Might Interest You

  • This functionality seems to be missing from commands like dpkg. Ideally, I want to duplicate the behavior of rpm --verify, but it seems difficult to do this in one relatively short command pipeline.


    0
    dpkg-query -Wf '${Package}\n' | xargs dpkg --status | sed '/^Conffiles:/,/^Description:/!d;//d' | awk '{print $2 " " $1}' | md5sum -c 2>/dev/null | grep FAILED$ | cut -f1 -d':'
    hallmarc · 2013-01-31 16:52:38 0
  • This script compares the modification date of /var/lib/dpkg/info/${package}.list and all the files mentioned there. It could be wrong on noatime partitions. Here is a non-one-liner:

        #!/bin/sh
        package=$1
        list=/var/lib/dpkg/info/${package}.list
        inst=$(stat "$list" -c %X)
        cat $list | (
          while read file; do
            if [ -f "$file" ]; then
              acc=$(stat "$file" -c %X)
              if [ $inst -lt $acc ]; then
                echo used $file
                exit 0
              fi
            fi
          done
          exit 1
        )


    1
    package=$1; list=/var/lib/dpkg/info/${package}.list; inst=$(stat "$list" -c %X); cat $list | (while read file; do if [ -f "$file" ];then acc=$(stat "$file" -c %X); if [ $inst -lt $acc ]; then echo used $file; exit 0; fi; fi; done; exit 1)
    pipeliner · 2010-09-20 18:10:19 0

  • -4
    gpg --verify file.txt.asc file.txt
    kev · 2011-09-17 04:58:56 0
  • 'dpkg -S' just matches the string you supply it, so just using 'ls' as an argument matches any file from any package that has 'ls' anywhere in the filename. So usually it's a good idea to use an absolute path. You can see in the second example that 12 thousand files that are known to dpkg match the bare string 'ls'.


    45
    dpkg -S /usr/bin/ls
    bwoodacre · 2009-04-18 18:18:23 11
  • Recently in Debian Wheezy the dpkg command refuses to work with wildcards, so this is the one-liner alternative.


    0
    sudo dpkg -P $(sudo dpkg -l yourPkgName* | awk '$2 ~ /yourPkgName.*/' | awk '$1 ~ /.i/' | awk '{print $2}')
    woohoo · 2014-08-02 18:14:02 1
  • Recently in Debian Wheezy the dpkg command refuses to work with wildcards, so this is the one-liner alternative. (alternative to #13614)


    0
    sudo dpkg -P $(dpkg -l yourPkgName* | awk '$2 ~ /yourPkgName.*/ && $1 ~ /.i/ {print $2}')
    wejn · 2014-08-06 22:40:32 0
