Linux Security HOWTO : Security Preparation (before you go on-line) : Backup Your RPM or Debian File Database

9.3. Backup Your RPM or Debian File Database

In the event of an intrusion, you can use your RPM database as you would use Tripwire, but only if you can be sure that it, too, has not been modified. You should copy the RPM database to a floppy, and keep this copy off-line at all times. The Debian distribution likely has something similar.

The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm most likely won't fit on a single floppy. If compressed, however, each should fit on a separate floppy.

Then, if your system is compromised, you can use the command:

			root#  rpm -Va
to verify each file on the system. See the rpm man page, as there are a few other options that can be included to make it less verbose. Keep in mind you must also be sure your RPM binary has not been compromised.

This means that every time a new RPM is added to the system, the RPM database will need to be rearchived. You will have to weigh the advantages against the drawbacks.
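
One way to cut the verbosity of a full verify run, added here as an example that is not part of the original HOWTO: a shell filter that keeps only the `rpm -Va` lines worth investigating after an intrusion. The function names, the `/mnt/trusted-rpmdb` restore directory and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): reduce `rpm -Va` output to the lines
# that matter during an intrusion check.
# Assumed invocation, with the archived database restored to a hypothetical
# directory:  rpm -Va --dbpath /mnt/trusted-rpmdb | triage_rpm_verify

triage_rpm_verify() {
    awk '
    # Only accept verify lines: a flag string (8+ chars) or the word "missing".
    $1 != "missing" && ($1 !~ /^[SM5DLUGTP.?]+$/ || length($1) < 8) { next }
    {
        flags = $1
        # Optional marker after the flags: c=config d=doc g=ghost l=license r=readme
        attr = (NF >= 3 && $2 ~ /^[cdglr]$/) ? $2 : "-"
        path = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)            # strip the flag field
        if (attr != "-") sub(/^[^ \t]+[ \t]+/, "", path) # strip the marker
        if (flags == "missing")         class = "MISSING"
        else if (index(flags, "5"))     class = (attr == "c") ? "CONFIG" : "ALTERED"
        else if (flags ~ /[MUGLDP]/)    class = "ATTRS"  # mode, owner, group, link, device, caps
        else next   # size/mtime-only differences are dropped (a choice made here)
        printf "%s\t%s\t%s\n", class, flags, path
    }'
}

# Constructed sample output, covering 9-character and older 8-character flags.
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/login
.......T.    /usr/lib/libfoo.so.1
.M...UG..    /usr/bin/passwd
missing      /sbin/ifconfig
..5....T    /bin/ps
Unsatisfied dependencies for example-1.0-1: libbar
EOF
}

sample_rpm_va | triage_rpm_verify
```

Lines tagged ALTERED are non-config files whose digest no longer matches the database; CONFIG lines are configuration files that changed and need a manual review.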

