Verify installed files vs. packages in Ubuntu

Is there some simple way to check installation integrity on Ubuntu (or other Debian-based) Linux?

What I would like is to check that local files (in /bin, /etc…) match the files in packages (or repositories), and also to check that there are no extra files installed.

Why, you may ask? I would like to check whether the machine in question was compromised, as it was running non-LTS Ubuntu and was left without updates for quite a while.

1 Like

dpkg has a --verify option.

sudo dpkg --verify

debsums uses the same dpkg checksum capabilities, but is more sugary. You’ll have to install the debsums package first.

Be aware that Ubuntu makes use of other package managers as well, such as Flatpak and Snaps. You’ll need to find and use similar commands for those package managers if you have them installed.

Final note: there may be a high rate of false positives due to bugs in the packages themselves.

2 Likes

These commands gave a good indication that the installed packages were OK, thanks.

I’m wondering how I could find out if there are files that are not from installed packages. Sort of the reverse of those commands. Maybe I could write a script that would do, say, ls /bin and check each file against /var/lib/dpkg/info/*.md5sums and list it if it’s not found. Maybe…

For a Debian-based system, if you want to see if a file is provided by a package, you would run something like:

apt-file search </path/filename|filename>

You may need to install apt-file, as I don’t know if that comes with Ubuntu natively. I use Debian.
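
The reverse check asked about above (files on disk that no package claims), as an added example that is not from any poster in this thread. It reads dpkg's per-package `*.list` files rather than `*.md5sums`, because the `.list` files name every path a package ships; the function names and the script name `find-unowned.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: report files on disk that no installed package claims.
# It compares dpkg's per-package file lists (/var/lib/dpkg/info/*.list)
# with what find(1) sees in the directories you name.

# Merged-/usr systems have /bin, /sbin and /lib* as symlinks into /usr, but
# some packages still list the old path; emit the /usr alias as well.
merged_alias() {
    if [ -L /bin ]; then
        sed -E 'p; s#^/(bin|sbin|lib[^/]*)/#/usr/\1/#'
    else
        cat
    fi
}

# find_unowned INFO_DIR DIR...
# INFO_DIR is a parameter so the function can be run against a copy of the
# dpkg database (or a constructed one) instead of the live system's.
find_unowned() {
    info_dir=$1; shift
    owned=$(mktemp); present=$(mktemp)
    # Every path claimed by any package, sorted for comm(1).
    cat "$info_dir"/*.list 2>/dev/null | merged_alias | LC_ALL=C sort -u > "$owned"
    # Every regular file or symlink actually present (stay on one filesystem).
    find "$@" -xdev \( -type f -o -type l \) 2>/dev/null | LC_ALL=C sort -u > "$present"
    # comm -13 keeps lines only in "present": on disk but unclaimed.
    LC_ALL=C comm -13 "$owned" "$present"
    rm -f "$owned" "$present"
}

# Usage (hypothetical script name): sh find-unowned.sh /usr/bin /usr/sbin /usr/lib
if [ "$#" -gt 0 ]; then
    find_unowned /var/lib/dpkg/info "$@"
fi
```

Expect some legitimate entries, such as symlinks and caches created by maintainer scripts or locally installed software, so treat the output as a list to review. On a host that may be compromised, the dpkg database and the tools reading it are themselves untrusted, which limits what a clean result proves.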