运行下面的命令可以检查rpm包安装后发生了什么改变

# rpm -VaS.5....T.  c /etc/watchdog.confS.5....T.  c /etc/xinetd.d/tftpS.5....T.  c /etc/rc.d/rc.localS.5....T.  c /etc/sysctl.confS.5....T.  c /etc/bashrcS.5....T.  c /etc/dhcp/dhcpd.conf....L....  c /etc/pam.d/fingerprint-auth....L....  c /etc/pam.d/password-auth....L....  c /etc/pam.d/smartcard-auth....L....  c /etc/pam.d/system-authS.5....T.  c /etc/security/limits.confS.5....T.  c /etc/postfix/main.cfS.5....T.  c /etc/ssh/sshd_configS.5....T.  c /etc/nanorcS.5....T.  c /etc/httpd/conf/httpd.conf

代码的意思是

S file Size differsM Mode differs (includes permissions and file type)5 digest (formerly MD5 sum) differsD Device major/minor number mismatchL readLink(2) path mismatchU User ownership differsG Group ownership differsT mTime differsP caPabilities differ

以 /etc/watchdog.conf为例

S.5....T. c /etc/watchdog.conf

第一个字母S，是文件size发生了变化

第二个是数字5，是文件的md5值发生了变化

第三个字母T，是mtime发生了变化

第四个字母c，是change的缩写。

可以看出，这个文件在watchdog软件包安装后，发生了编辑行为。由于是配置文件发生修改，基本可以视作正常的，如果是二进制文件被修改，就值得注意了。