Anyone know if there is an `rpm verify` type of capability w

Question

Anyone know if there is an `rpm verify` type of capability with OSQuery I think not but maybe I m missing a way to do this Could be a good first contribution task for me thinking face <http ftp rpm org max rpm ch rpm verify html>

seph · Answer

I don t know if there s a table quite like rpm verify There is a `rpm package files` and a `rpm packages` table I suspect one could construct SQL to use the sha from `rpm package files` the file table and the `hash` table to create that functionality I have no idea how performant it would be As a side note osquery does not shell out to collect information

Daniel Cross · Answer

I ll have a play and see what I can do Mostly collecting that info into OpenSearch so may be able to pull together similar or better using this plus FIM