How to identify package of particular file and verify its integrity

Let’s say we need to:

  1. Find out which package contains the file /bin/su in Linux
  2. Verify if the file is untainted (from package) or changed in some manner

For RPM (Fedora, Red Hat, CentOS):

$ rpm -q -f /bin/su
coreutils-5.97-34.el5
$ rpm -V coreutils-5.97-34.el5

For DEB (Debian, Ubuntu):

$ dpkg -S /bin/su
login: /bin/su
$ debsums -s -a login

Leave a Reply

Your email address will not be published. Required fields are marked *