I previously posted in my useful comments entry how to validate rpm files on an rpm-based Linux server using `rpm -Va` and then checking the output. So how do you do this on Solaris 10? It’s actually quite simple. Use the pkgchk command. If you want to check a specific package use:
pkgchk <package name>
If it doesn’t return anything that package is fine. If you want to make sure it is checking the files you can always use the -v parameter:
pkgchk -v <package name>
If you want to validate all of the packages on the system, don’t add any parameters (of course, you can always use -v here, but then you won’t be able to keep track of the errors).
Of course, just because something comes up doesn’t mean that you’ve been hacked or anything, just that someone or something has modified the particular file since it was installed. You will need to go through each of the files it finds and decide if that is normal or not for your own individual installation. You can also just check file attributes only (-a) or file content only (-c).
Note: Since all of the errors that pkgchk finds are sent to standard error, you need to make sure you redirect standard error to a file if you want to save the contents somewhere. So to save to a file you may want to run something like this:
pkgchk > /root/pkgchk.errors 2>&1
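To help with going through each flagged file, here is an added example (not from the original post) that sorts a saved report into missing files, content changes and metadata-only changes. It assumes the report uses an `ERROR: <path>` line followed by indented detail lines; the function names, the package paths and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a saved pkgchk report. Assumes each finding is an
# "ERROR: <path>" line followed by indented detail lines.

# Constructed stand-in for /root/pkgchk.errors (hypothetical package paths).
sample_report() {
cat <<'EOF'
ERROR: /opt/EXMPLpkg/bin/tool
    file size <5025> expected <5202> actual
    file cksum <38730> expected <51127> actual
ERROR: /opt/EXMPLpkg/etc/tool.conf
    permissions <0644> expected <0666> actual
ERROR: /opt/EXMPLpkg/lib/libexample.so.1
    pathname does not exist
ERROR: /opt/EXMPLpkg/sbin/toold
    modtime <01/21/05 09:14:30 PM> expected <03/02/09 11:40:02 AM> actual
    file cksum <1111> expected <2222> actual
EOF
}

# classify_report: read a report on stdin, print "<CLASS> <path>" per file.
#   MISSING - the installed path no longer exists
#   CONTENT - size or checksum differs from the package database
#   ATTR    - only metadata (permissions, owner, group, modtime) differs
classify_report() {
    awk '
    function emit() {
        if (path == "") return
        if (missing)      print "MISSING", path
        else if (content) print "CONTENT", path
        else              print "ATTR", path
    }
    # A new ERROR line closes the previous record and starts the next one.
    /^ERROR: /                { emit(); path = substr($0, 8); missing = content = 0; next }
    /pathname does not exist/ { missing = 1; next }
    /file size|file cksum/    { content = 1; next }
    END                       { emit() }
    '
}

# Review CONTENT and MISSING entries first; they sort ahead of nothing by
# default, so pipe through sort to group the classes together.
sample_report | classify_report | sort
```

Against a real report, run `classify_report < /root/pkgchk.errors`.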
Follow up – How do you easily list what packages are installed on your system (rpm -qa)? With the pkginfo command without any parameters!