1

I have been tasked with identifying new (non-operating system) software installed on several Red Hat Enterprise Linux (RHEL) machines. Can anyone suggest an efficient way to do this? The way I was doing it is manually comparing the list of installed software with the list on Red Hat's FTP site for the relevant operating system:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/

The problems I am encountering with this method is it is tedious / timeconsuming, and just the source packages are listed (e.g. I can't tell if avahi-glib is installed as part of the avahi package). If anyone can suggest a more efficient way to identify the software that doesn't come with the operating system on a RHEL machine, it would be greatly appreciated!

Here is what I have come up with so far as a more efficient method (though I still haven't figured out the last part, and there may be more efficient methods). If anyone can help me with the last step of this method, or can share a better method, it would be greatly appreciated!

New method (work in progress):

  1. Copy the list of packages from Red Hat's FTP site into a text file (OSPackages.txt).

  2. To fix the problem of just source RPMs being listed, also copy the list of files from the relevant corresponding version in http://vault.centos.org into a text file, and merge this data with OSPackages.txt.

  3. Do a rpm -qa > list1, yum -y list installed > list2, ls /usr/bin > list3, ls /usr/share > list4, ls /usr/lib > list5.

  4. Use cat to merge all the listX files together into InstalledPackages.txt.

  5. Use sort to sort out the unique entries, perhaps like: sort -u -k 1 InstalledPackages.txt > SortedInstalledPackages.txt

  6. Do a diff between SortedInstalledPackages.txt and OSPackages.txt using a regular expression (-I regexp) to identify the package names (and eliminate the version numbers). I would need to also do a "one way diff", e.g. ignore the extra OS packages in OSPackages.txt that do not appear in the installed packages file.

Note: I asked the following question to help me with this part, and believe I am now fairly close to a solution: How do I do a one way diff in Linux?

If diff (or another command) can perform the last step, it should produce a list of packages that don't come on the OS. This is the step I am stuck on and would appreciate further help. What command would I use to perform step 6?

Community
  • 1
  • 1
Jonathan
  • 1,050
  • 1
  • 12
  • 36
  • What determines if it's "non-OS" or not? Like it doesn't exist on any RHEL DVD media?\ – Joe Jun 26 '13 at 12:08
  • Yes, I believe that is a good way to proceed, that it is non-OS if it doesn't come on the RHEL DVD. The main thing I am looking at is determining what additional packages have been installed beyond the basic operating system packages. – Jonathan Jun 26 '13 at 12:11
  • How would you identify something that was compiled from sources and installed system-wide? – devnull Jun 26 '13 at 12:21
  • @devnull - Thats a good question as well, I am currently doing rpm -qa to get the list of packages (but this probably won't include any packages directly installed from source). If anyone can answer this question as well (if there is an answer), it would be greatly appreciated. Perhaps doing a ls in /usr/bin, /usr/share, and /usr/lib would be a good start, though I don't have the time to manually compare all these lists against my software list. – Jonathan Jun 26 '13 at 12:27

4 Answers4

5

rpm -qa --last | less

This will list recently installed rpms with the installed date.

JoshDM
  • 4,939
  • 7
  • 43
  • 72
kallumama
  • 51
  • 1
  • 1
    This works great for packages managed through rpm, and thank you for your suggestion! Would this get everything though? Would this also list packages going back many years? Another problem is it doesn't differentiate between OS packages and packages for installed programs (such as antivirus). – Jonathan Jun 05 '14 at 11:37
  • This also lists all updates, which forms the majority of entries on any maintained system. – OrangeDog Aug 25 '23 at 09:24
1

yum provides some useful information about when & from where a package was installed. If you have the system installation date then can you pull out packages that were installed after that, as well as packages that were installed from different sources & locations.

Coming at it from the other direction you can query rpm to find out which packages provides each of the binaries in /sbin /lib etc ... - any package that doesn't provide a "system" binary or library is part of your initial set for consideration.

ocurran
  • 11
  • 1
  • Would you happen to know the commands to perform these operations? I have looked at the man pages for rpm and yum and haven't found anything useful. So far I have tried "RPM -qai", which gives too much info, and this would be difficult to go through (if I could list just the install date, that should help). "yum list recent" doesn't list anything. – Jonathan Jun 26 '13 at 13:41
1

Get a list of configured repository ids:

yum repolist | tail -n +3 | grep -v 'repolist:' | cut -f1 -d' '

Now identify which are the valid Red Hat repositories. Once you do that you can list all the packages from that repository. For example if I were to do this for Fedora official repositories, I would enlist the package names like so:

yum list installed  --disablerepo="*" --enablerepo="fedora*"

From this list you get which package you have installed.

for p in $PACKAGES; do rpmls $p; done

Or like this: 

yum list installed   --disablerepo="*" --enablerepo="fedora*" \
 | cut -f1 -d' ' \
 | ( while read p; do rpmls $p; done ) \
 | cut -c13-

So have a list of files which are supposed to come from the official repositories.

Now you can list all the installed files using rpm:

rpm -qal

With these two lists, it would be easy to compare the contents of two outputs.

tuxdna
  • 8,257
  • 4
  • 43
  • 61
  • how would I verify which of the repositories are valid Red Hat repositories? – Jonathan Jun 05 '14 at 11:32
  • 1
    You can find which are valid repositories by looking at configured repositories in `/etc/yum.repos.d/`. Check for repo files which begin with `rhel*` – tuxdna Jun 05 '14 at 14:00
1

If redhat has an equivalent of /var/log/installer/initial-status.gz on Ubuntu systems then you could cat that to a tmpfile and then search for installed packages and grep -v the tmpfile.

One of the first scripts I wrote to learn Linux did this exact same thing on Ubuntu:

https://gist.github.com/sysadmiral/d58388e315a6c6384053aa6b0af66c5f

This works on Ubuntu and may work on other Debian based systems or systems that use aptitude package manager. It doesn't work on Redhat/CentOS but I added it here as a starting point I guess.

Disclaimer: It will not pickup manually compiled things i.e. your package manager needs to know about it for this script to show it.

Personal Disclaimer: please forgive the none use of tee. I was still learning the ropes when I wrote this and have never updated the code for nostalgia's sake.

sysadmiral
  • 261
  • 1
  • 7
  • I looked at and tried your script, and have run into the following issues: it appears that the command "aptitude" is not on my system. I also do not know if / where there is an equivalent .gz file in Red Hat / CentOS (e.g. it is at least not in the same location as described above). It is at the very least a good starting point and probably works great on Ubuntu. – Jonathan Jun 04 '14 at 17:05