Saturday, December 09, 2006

Few RPM Management Hacks

I always have to look at the man page or search for the cpio options (I usually don't use cpio formats) whenever I want the files of an RPM extracted without installing it. So I thought of putting together a few commands which may help some of you.

Extracting files from an RPM archive

rpm2cpio RPM_file | cpio -idmv

The above command recreates the RPM's directory structure inside the present working directory (pwd) and extracts the entire contents of the RPM into that subtree.

If you just want the binaries, i.e. the files which the RPM would install in /bin/, /sbin/, /usr/local/bin/ or /usr/local/sbin/, then append a few patterns to the command like below; cpio then extracts only the archive members matching those patterns:

rpm2cpio RPM_file | cpio -idmv '*/bin/*' '*/sbin/*'

Rebuilding RPM database

Often I have experienced situations where a yum upgrade on RPM based OSes breaks the rpm database. Sometimes a reboot fixes it, but if you want to fix it right away without rebooting, try rebuilding the RPM db by following the steps below (the tar step takes a backup of the database first, so it can be put back if the rebuild goes wrong):


cd /var/lib
tar cvzf rpmdb.tar.gz ./rpm
rm -f /var/lib/rpm/__db.00?
rpm --rebuilddb


There are many more complex situations where rpm --rebuilddb can't help; then you have to rebuild the DB the harder way, using other tools such as /usr/lib/rpm/rpmdb_dump and /usr/lib/rpm/rpmdb_verify.

Verifying the RPM integrity

If you suspect your machine has been hacked and your sshd, netstat, ps or fuser has been replaced by the hacker's own version, you can use rpm -V RPM_name (or rpm -Vf file, as below) to check the integrity of the files installed by the RPM.

rpm -Vf /bin/netstat

The above command verifies the integrity of all the files installed by the RPM package which also installed netstat. If all are fine, you won't get any output; otherwise output similar to the below appears.


#rpm -Vf /usr/sbin/sshd
S.5....T c /etc/ssh/sshd_config
S.5....T /usr/sbin/sshd


The notations are explained below. Each position of the flag string stands for one test; a "." means that test passed and a letter means it failed (if 5 is there in the flags, it means the MD5 checksum differs). A "c" before the path marks a config file, which is expected to differ once it has been edited locally. More details: man rpm.

5 — MD5 checksum
S — file size
L — symbolic link
T — file modification time
D — device
U — user
G — group
M — mode (includes permissions and file type)
? — unreadable file

Remember this is a very basic test; it can help you catch the kiddies who are still on the learning track, but not the professional hackers who know their job. In particular, rpm -V trusts the local rpm binary and the database under /var/lib/rpm, and anyone with root can alter both along with the files being checked.
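As an added example (not from the original post), here is a small POSIX sh filter that reads rpm -V output and prints only the non-config files which are missing or whose size, digest or mode differs, so that a changed /usr/sbin/sshd is not buried under expected config-file noise; the sample input is constructed for the demonstration.

```shell
#!/bin/sh
# Filter "rpm -V" output so that modified non-config files stand out.
# A config file ("c") showing S.5....T after a local edit is normal;
# the same flags on a binary such as /usr/sbin/sshd are not.

# Constructed sample of rpm -V output (not a real capture); in practice
# feed `rpm -Va` or `rpm -Vf <file>` into suspicious_files instead.
SAMPLE_VERIFY_OUTPUT='S.5....T  c /etc/ssh/sshd_config
S.5....T    /usr/sbin/sshd
.......T  d /usr/share/doc/openssh-3.9p1/README
.M......    /usr/bin/ssh-agent
missing     /usr/bin/ssh-keygen'

# suspicious_files: read rpm -V lines on stdin and print the path of every
# non-config file that is missing or whose size (S), digest (5) or mode (M)
# differs from what the package recorded.
suspicious_files() {
    while IFS= read -r line; do
        flags=${line%% *}                 # test results, or the word "missing"
        rest=${line#"$flags"}
        rest=${rest#"${rest%%[! ]*}"}     # drop the spaces after the flags
        case "$rest" in
            [cdglr]" "*)                  # file-type letter present (c = config)
                ftype=${rest%% *}
                path=${rest#* }
                path=${path#"${path%%[! ]*}"}
                ;;
            *)
                ftype=''
                path=$rest
                ;;
        esac
        [ "$ftype" = c ] && continue      # local edits to config files are expected
        case "$flags" in
            missing|*5*|*S*|*M*) printf '%s\n' "$path" ;;
        esac
    done
}

# Example run over the constructed sample.
printf '%s\n' "$SAMPLE_VERIFY_OUTPUT" | suspicious_files
```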

Restoring original attributes of an rpm

Often users mess up the permissions of important files and folders. Here, for a test, I messed up the ownership and permissions of a file myself. Go through the transcript below for the steps on restoring the file attributes (--setperms restores the file modes, --setugids the owner and group):


[root@hackcity ~]# rpm -qf /etc/ssh/sshd_config
openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 root root 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# chmod 777 /etc/ssh/sshd_config
[root@hackcity ~]# chown hacktech.hacktech /etc/ssh/sshd_config
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rwxrwxrwx 1 hacktech hacktech 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# rpm --setperms openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 hacktech hacktech 3027 Aug 14 05:07 /etc/ssh/sshd_config
[root@hackcity ~]# rpm --setugids openssh-server-3.9p1-8.RHEL4.12
[root@hackcity ~]# ls -l /etc/ssh/sshd_config
-rw------- 1 root root 3027 Aug 14 05:07 /etc/ssh/sshd_config


Pretty useful RPM options

I will use the sshd packages to demonstrate those options.

#rpm -q --whatrequires openssh
openssh-clients-3.9p1-8.RHEL4.12
openssh-askpass-gnome-3.9p1-8.RHEL4.12
openssh-askpass-3.9p1-8.RHEL4.12
openssh-server-3.9p1-8.RHEL4.12


rpm -qf --stats /etc/ssh/sshd_config
openssh-server-3.9p1-8.RHEL4.12


total: 1 0.000000 MB 0.135489 secs
digest: 2 0.029817 MB 0.006168 secs
signature: 1 0.000000 MB 0.092698 secs
dbget: 6 0.094604 MB 0.005985 secs


Well, that's it. If you like RPM, read more at http://www.rpm.org/max-rpm/ . BTW, Alien is a good program to convert between the rpm, dpkg, stampede slp and slackware tgz file formats.
