RHEL-09-214030 - RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.

Solution

Given output from the check command, identify the package that provides the output and reinstall it. The following trimmed example output shows a package that has failed verification, been identified, and been reinstalled:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != 'c''
S.5....T. /usr/bin/znew
$ sudo dnf provides /usr/bin/znew
[...]
gzip-1.10-8.el9.x86_64 : The GNU data compression program
[...]
$ sudo dnf reinstall gzip
[...]
$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != 'c''
[no output]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V1R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-257823r925456_rule, STIG-ID|RHEL-09-214030, Vuln-ID|V-257823

Plugin: Unix

Control ID: 4000a1831b76c36918b01d8bd846b08fad5320a0f6d379c35728f1cb63e65868