RPMs changed should I care?


Danster
02-24-2001, 02:15 AM
I was looking @ NHF RPM cheat sheet @: http://www.linuxnewbie.org/nhf/intel/distros/redh/rpmcheat.html

& it said:
To just see what packages have changed so that you can verify them more individually, you can do the following:
rpm -Va | awk '{print $2}' | xargs rpm -qf | sort -u &> /tmp/file1

Why would U do that? Because of crackers/viruses? Once U find a suspicious RPM what should U do? On my machine the following rpms were modified (half I know why they are different):

ApacheJServ-1.1.2-1
at-3.1.7-11
dev-2.7.10-2
filesystem-1.3.5-1
gnome-core-1.0.54-2
inews-2.2.1-1
ircii-4.4M-1
kernel-headers-2.2.16-3
knfsd-clients-1.4.7-7
libclntsh-1.0-1
linuxconf-1.16r3.2-2
lpr-0.50-7.6.x
lsof-4.47-5
MySQL-3.23.32-1
MySQL-client-3.23.32-1
mysql-server-3.23.32-1.7
nfs-utils-0.1.9.1-1
perl-5.00503-6
pythonlib-1.23-1
rsh-0.10-28
sendmail-8.9.3-15
sessionmon-3.0-5
tablebrowser-3.0-5
tomcat-3.1-4
up2date-1.0.1-1
words-2-12
wu-ftpd-2.6.0-1
wu-ftpd-2.6.0-14.6x
:eek:

bdg1983
02-24-2001, 12:09 PM
--Verification To see what files on the system may have changed from their initial settings, you can use RPM to check up on them. rpm -Va will give you a list of all files that have changed in one form or another since the package it is associated with was installed. This can be a lot of files (and a lot may be changed due to post installation work).

It compares the individual files that were installed originally from the RPM and compares them to the files within the RPM and lists the ones that have changed. This could be a configuration file that was modified after the package was installed and will show up in the list of files that differ from the original.

Don't worry as it has nothing to do with any virus or crackers. Just reread the paragraph from the NHF.

bdg1983
02-24-2001, 12:13 PM
Perhaps I confused you (did myself).

You installed an RPM that contains a file named foo.conf and after the install is complete you make modifications to foo.conf. When you execute the compare command, it will see that foo.conf does not match the foo.conf in the original RPM.

A little better?
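
An added example, not part of any post in this thread: a shell sketch that sorts `rpm -Va` output into edited config files (the foo.conf case described above) and non-config files whose content, mode or ownership changed, which are the entries worth checking by hand. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from the thread).
sample_verify_output() {
cat <<'EOF'
S.5....T c /etc/sendmail.cf
.......T   /usr/lib/perl5/5.00503/CORE/perl.h
S.5....T   /usr/sbin/in.ftpd
.M...UG.   /usr/bin/at
missing    /usr/share/dict/words
S.5....T. c /etc/httpd/conf/httpd.conf
EOF
}

# Read `rpm -V` output on stdin and print "<class> <path>" for each line.
# Flag letters: S size, M mode, 5 digest, U user, G group, T mtime.
classify_rpm_verify() {
  awk '{
    flags = $1
    path = $0
    sub(/^[^ \t]+[ \t]+/, "", path)        # drop the flags column
    marker = ""
    if (path ~ /^[cdglr][ \t]+\//) {        # c=config d=doc g=ghost l=license r=readme
      marker = substr(path, 1, 1)
      sub(/^[cdglr][ \t]+/, "", path)
    }
    if (flags == "missing")    class = "missing"
    else if (marker == "c")    class = "config"    # edited config: usually expected
    else if (flags ~ /5/)      class = "content"   # non-config file whose digest changed
    else if (flags ~ /[MUG]/)  class = "perms"     # mode or ownership changed
    else                       class = "other"     # e.g. only the mtime differs
    print class, path
  }'
}

# Owning packages of non-config files whose content changed (needs rpm).
packages_to_review() {
  rpm -Va | classify_rpm_verify | sed -n 's/^content //p' |
    while IFS= read -r f; do rpm -qf "$f"; done | sort -u
}

sample_verify_output | classify_rpm_verify
```

On a live system, `rpm -Va | classify_rpm_verify` gives the per-file view and `packages_to_review` gives the package list; the result is only as trustworthy as the RPM database and the rpm binary on that machine.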