I am trying to locate a tool, not unlike either the "sfc" command on Windows or the "sysck" command on AIX, which can verify that the file contents, ownerships and permissions are correct. The "replace damaged or missing files" functionality in "sfc" isn't what I'm looking for, it's the "verify that all the right parts are in all the right places" capabilities.
The task I'm trying to perform is verifying that a number of different installation and upgrade paths to a specific software release on an embedded Linux product reach the same overall filesystem state -- all the required files and directories exist, have the correct contents (as told by md5sums or similar), owner, group and permissions.
A collection of individual commands -- find, stat, test, etc. -- isn't what I'm looking for. I'm looking for a TOOL, such as either of the ones I mentioned above.
I've searched high and low, but so many of the searches turn up "fsck" that any positive hits are being buried.
You are probably looking for a host-based IDS like Tripwire - it is capable of checking permissions, ownerships and filesystem checksums against a custom policy. Windows SFC does essentially the same thing but on a periodic basis and with a policy which is predefined by Microsoft and cannot be changed by the system's administrator.
Unfortunately, you essentially would have to do manual change runs for the file hash and permission database each time you update your system as major distros would not provide you with pre-populated databases for system integrity verification:
(taken from http://www.centos.org/docs/2/rhl-rg-en-7.2/ch-tripwire.html)
The closest thing I can think of (on redhat based systems) is rpm -aV. This is the verify portion of rpm, which will attempt to check md5 sums, files modes and ownerships are correctly placed for files that are listed as part of the package being inspected, with -a you can do every package which makes up the system.
If you want to fix permissions and modes of packages (all is a bit dangerous possibly).
But the best way to make this work is to run rpm -aV, check the output and ensure / account for any anomalous results each package/file produces. Then on the files/packages that produce errors you can then either reinstall the package (if files differ) or reset the uids/gids/mode on the package provided in the verify output.
Use find + stat combination to get the desired results.
Eg: find /path -type f -exec stat {} \;
How is the "everything in the right place" defined?
rsync -av --dry-run, probably with -c and --numeric-ids against a reference copy of the filesystem, might do fine for some use cases.
Maybe you could use rkhunter for what you need. It checks the permissions and hashes against a database, but it's meant more for finding rootkits. Tripwire would be better, but if you need something more simple.