Ubuntu – On Ubuntu, is there a way to find out what files are NOT associated with installed apt packages

aptpackage-management

I know in RedHat, you can use find / –exec rpm -qf {} \; |grep "is not" to find files that are not associated with packages. One reason I need this is to find files that are installed from source so I know what packages I need to build from source and make everything go through the package manager. I'm coming into managing a system that someone else was loose with on the package management side of things and I need to ensure that the security is good so no stray rootkits, etc are installed.

Best Answer

The same method, different command:

$ dpkg -S /etc/profile
dpkg-query: no path found matching pattern /etc/profile
$ dpkg -S /etc/ssh/ssh_config 
openssh-client: /etc/ssh/ssh_config

Related Solutions

Ubuntu – Are ubuntu packages (deb-files) only md5sum secured

Ubuntu publishes a manifest that is signed with an RSA key. The manifest lists individual Packages index files, each with MD5, SHA-1 and SHA-256 hashes. Each Packages file lists individual .deb files with MD5, SHA-1 and SHA-256 hashes.

For verification, apt uses the best hash that it supports and is published by the archive it is downloading from. In the case of the Ubuntu archive, this is SHA-256.

So the entire chain of installing packages on your Ubuntu system is protected by RSA and SHA-256.

The MD5 protection that exists in dpkg is really only useful for accidental corruption, and not necessary to protect the installation path.

You might be interested in the debsums package, but since it uses MD5s, it also is only useful for checking for accidental corruption.

If you want to check for malicious system modification, then these are not the appropriate tools for you. You will need to take the system offline and check against either a previous record, the original package files, or secure hashes generated from these.

Note that since a successful malicious modification might be to simply downgrade a package to the one prior to a security update, checking that all installed package files match against their originals may not be sufficient either.

Ubuntu – What’s the difference between apt-get install and apt-get build-dep

The short version.

apt-get install

installs a new package, automatically resolving and downloading dependent packages. If package is installed then try to upgrade to latest version.

apt-get build-dep

Causes apt-get to install/remove packages in an attempt to satisfy the build dependencies for a source package.

The command sudo apt-get build-dep packagename means to install all dependencies for 'packagename' so that I can build it". So build-dep is an apt-get command just like install, remove, update, etc.

The build-dep command searches the local repositories in the system and install the build dependencies for package. If the package does not exists in the local repository it will return an error code.

For installing matplotlib see To Install matplotlib on Ubuntu

^{Source:ManPage & Ravi Saive}

Best Answer

Related Solutions

Ubuntu – Are ubuntu packages (deb-files) only md5sum secured

Ubuntu – What’s the difference between apt-get install and apt-get build-dep

Related Question