Let’s say we need to:
- Find out which package contains the file
/bin/suin Linux - Verify if the file is untainted (from package) or changed in some manner
For RPM (Fedora, Red Hat, CentOS):
$ rpm -q -f /bin/su coreutils-5.97-34.el5
$ rpm -V coreutils-5.97-34.el5
For DEB (Debian, Ubuntu):
$ dpkg -S /bin/su login: /bin/su
$ debsums -s -a login