Linux

# how to see what files were changed – is system okay – is system not curropt
##################################################

This will scan all pacakges and check for curroption based on checksums. A good system will have almost nothing curropt, or maybe 1 file. Config files are allowed to be different as we change them, but excluding  config files, the system files shouldnt be curropt (if its a none important file, or one that changes often then its okay if its changed

Download step
===============

First login as root for best results (so can read all files)

# apt-get install debsums

SCAN ALL
==========

# debsums -a > ~/debsums-a-results.txt &

I put it in background with that last & character because its a long process, you could be doing other things in the mean time, bash shell will notify you when its done (you can monitor if its still runing by type “jobs” or “jobs -l” or looking at proccesses with “ps aux” or “top -c”)

everything that is OK and in good condition ends in OK so lets find what doesnt end in OK

# cat ~/debsums-a-new | grep -v OK$

To see whats okay:

# cat ~/debsums-a-new | grep -v OK$

Or in short:

# debsums -a | grep -v OK$ 
# debsums -a | grep -v OK$ > ~/debsums-a-whats-changed
# debsums -a | grep -v OK$ | tee ~/debsums-a-whats-changed.txt

For me what wasnt okay is this:

/etc/apache2/sites-available/default-ssl FAILED
/etc/apache2/sites-available/default FAILED
/etc/apache2/apache2.conf FAILED
/etc/bind/named.conf.options FAILED
/etc/bind/named.conf.local FAILED
/etc/console-setup/compose.ISO-8859-15.inc FAILED
/etc/console-setup/compose.ISO-8859-4.inc FAILED
/etc/console-setup/compose.ISO-8859-13.inc FAILED
/etc/console-setup/compose.ISO-8859-9.inc FAILED
/etc/console-setup/compose.ISO-8859-14.inc FAILED
/etc/console-setup/remap.inc FAILED
/etc/console-setup/compose.ISO-8859-1.inc FAILED
/etc/console-setup/compose.VISCII.inc FAILED
/etc/console-setup/compose.ISO-8859-2.inc FAILED
/etc/console-setup/compose.ISO-8859-3.inc FAILED
/etc/console-setup/compose.ISO-8859-7.inc FAILED
/usr/share/keyrings/debian-archive-removed-keys.gpg FAILED
/etc/grub.d/05_debian_theme FAILED
/usr/share/doc/hdparm/wiper/README.txt.gdebsums: missing file /etc/udev/hdparm.rules (from hdparm package)
/etc/logrotate.conf FAILED
/usr/share/doc/minicom/tables/mc.pc8 debsums: no md5sums for module-init-tools
/etc/ntp.conf FAILED
/etc/rsyslog.conf FAILED
/usr/share/doc/socat/README.gz debsums: no md5sums for squid-common
/etc/sudoers FAILED
/etc/sysstat/sysstat FAILED
/etc/vim/vimrc FAILED

 

These are just configuration files, so we are okay
If there was important system files that were changed then we would be in a worse situation

SCAN EVERYTHING NOT INCLUDING CONFIG FILES (exclude config files)
==================================================

To scan everything besides the config files, just run debsums without any arguments

To scan all excluding configuration files:
# debsums > ~/debsums-a-results.txt &

Again I put it in the background as it will take a minute

everything that is OK and in good condition ends in OK so lets find what doesnt end in OK

# cat ~/debsums-a-new | grep -v OK$

To see whats okay:

# cat ~/debsums-a-new | grep -v OK$

Or in short:

# debsums | grep -v OK$ 
# debsums | grep -v OK$ > ~/debsums-whats-changed
# debsums | grep -v OK$ | tee ~/debsums-whats-changed.txt

For me what wasnt okay is this:

# cat ~/debsums-new | grep -v OK$
/usr/share/keyrings/debian-archive-removed-keys.gpg FAILED

Notice by excluding the scan of config files the results of what is not okay is much smaller. It just so happens this file is okay to not be okay (I think…, i mean everything is running great and my system is not crying about gpg keys)

So only that one file, which happens to be updated during updates with apt-get so its not big deal. It would be a big if it was a system file of major importance.

Leave a Reply

Your email address will not be published. Required fields are marked *