Find Out When an RPM Was Installed

By | 03/04/2009

Just the other day we were auditing some of the packages on our production application servers and found a few that we were surprised about.  None of us remember installing them, so we set out to try and find out who might have done it, and when it might have happened.  The other two admins started grepping through the history files and looking at old, archived log data.  I used the information within the RPM database and simply asked the machine when it was installed:


[[email protected] ~]# rpm -qi htop
Name        : htop                         Relocations: (not relocatable)
Version     : 0.7                               Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                      Build Date: Sat 24 Nov 2007 07:24:19 AM MST
Install Date: Tue 04 Nov 2008 04:02:40 PM MST      Build Host: lisse.leuven.wieers.com
Group       : Applications/System           Source RPM: htop-0.7-1.el5.rf.src.rpm
Size        : 148330                           License: GPL
Signature   : DSA/SHA1, Sat 24 Nov 2007 07:29:40 AM MST, Key ID a20e52146b8d79e6
Packager    : Dag Wieers <[email protected]>
URL         : http://htop.sourceforge.net/
Summary     : Interactive process viewer
Description :
htop is an interactive process viewer for Linux.

As you can see in the example above, the RPM database provides information on “Install Date”, including the time. With this information I was able to report to the other admins that the htop package was installed on Tue 04 Nov 2008 at 4:02:40 PM MST. That is more specific than anything they’d find looking through old log data!

Leave a Reply

Your email address will not be published. Required fields are marked *