RHEL-09-214030 - RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.

Information

The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.

Solution

Given output from the check command, identify the package that provides the output and reinstall it. The following trimmed example output shows a package that has failed verification, been identified, and been reinstalled:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != 'c''
S.5....T. /usr/bin/znew
$ sudo dnf provides /usr/bin/znew
[...]
gzip-1.10-8.el9.x86_64 : The GNU data compression program
[...]
$ sudo dnf reinstall gzip
[...]
$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != 'c''
[no output]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-257823r991589_rule, STIG-ID|RHEL-09-214030, Vuln-ID|V-257823

Plugin: Unix

Control ID: 7ffde3839f13791894f487c6343f20fb488bbcce8e8a159aa0d1a9b01a50a639