[PLUG] RPM Question
Paul Heinlein
heinlein at madboa.com
Wed Dec 12 21:17:42 UTC 2007
On Wed, 12 Dec 2007, Galen Seitz wrote:
> Daniel.Roberts at sanofi-aventis.com wrote:
>> Hello All
>>
>> On a redhat system..how can I figure out when rpm was last run?
>> I am trying to figure out if someone besides myself is running RPM...or
>> possibly how if at all a package which I thought got installed has now
>> been removed ed..
>
> This isn't exactly what you want, but it's a start. This command will
> show all installed packages, sorted by install time.
>
> rpm -qa --last
I'm unsure if you're actually interested in knowing when someone runs
the rpm binary or not. The Red Hat packaging system can be accessed
via some shared libraries, so keeping an eye on /bin/rpm won't
necessarily be an accurate way of knowing when there's been rpm-like
activity.
It'd probably be more useful to keep an eye on the /var/lib/rpm
directory or one or more of the database files it contains.
If you have SELinux installed and configured, you can have the audit
daemon keep an eye on certain files. See /usr/share/doc/audit-* and
the sample rules files there for information on monitoring a certain
file or directory.
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the PLUG
mailing list