This command lists the config files on the system that differ from the versions shipped in their packages:
rpm -qa | xargs sudo rpm --verify --nomtime | sed 's/.* *. //'
Note a couple of weaknesses:
- Missing files count as modified. If you omit the sed command from the end of the pipeline, it will show you which ones are missing in a human (but not really machine)-friendly format.
- It will only find files that are explicitly in their original packages. This means that if you have a program such as httpd where you are expected to add your config files inside a certain directory, it will not find anything that you added. This could be fixed with a script that searches for *.d directories in the listed config files.
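One way to address both weaknesses, as an added example that is not part of the original page: `parse_verify` replaces the sed step with a tab-separated record that keeps missing and modified files apart, and `unowned_dropins` lists files in nearby *.d directories that no package owns. The function names, the `OWNED_CMD` variable, the "same directory or one level up" heuristic, and the sample lines are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Usage on a real system:
#   rpm -qa | xargs sudo rpm --verify --nomtime | parse_verify

# rpm --verify output (stdin) -> TSV: state, attr, flags, path.
# state: "missing" or "modified". attr: marker rpm prints before the path
# (c = %config, d = %doc, g = %ghost, ...) or "-". flags: 9-char result or "-".
parse_verify() {
  awk '
    $1 == "missing" || length($1) == 9 {
      p = index($0, "/")                    # packaged paths are absolute
      if (p == 0) next
      attr = substr($0, length($1) + 1, p - length($1) - 1)
      gsub(/ /, "", attr)
      if (attr == "") attr = "-"
      if ($1 == "missing") printf "missing\t%s\t-\t%s\n", attr, substr($0, p)
      else printf "modified\t%s\t%s\t%s\n", attr, $1, substr($0, p)
    }'
}

# Config paths (stdin) -> files in nearby *.d directories that no package owns.
# Assumption: "nearby" = a *.d directory in the file's directory or one level
# up (e.g. conf/httpd.conf -> conf.d). OWNED_CMD must exit 0 for owned files.
: "${OWNED_CMD:=rpm -qf}"
unowned_dropins() {
  while IFS= read -r cfg; do
    dir=$(dirname "$cfg")
    find "$dir" "$(dirname "$dir")" -maxdepth 1 -type d -name '*.d' 2>/dev/null || :
  done | sort -u | while IFS= read -r d; do
    find "$d" -type f | while IFS= read -r f; do
      $OWNED_CMD "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
  done
}

# Constructed sample lines in rpm --verify format, to try the parser offline.
sample_verify_output() {
  printf '%s\n' 'S.5....T.  c /etc/ssh/sshd_config' \
    'missing   c /etc/httpd/conf/extra.conf' \
    '.M.......    /usr/bin/tool' \
    'Unsatisfied dependencies for foo-1.0-1.noarch:'
}
sample_verify_output | parse_verify
```

Filtering the second column for `c` restricts the result to %config files, and the paths in the fourth column can be piped straight into `unowned_dropins`.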