RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.
An XCCDF Rule
Description
<VulnDiscussion>The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-257823r925456_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Given output from the check command, identify the package that provides the output and reinstall it. The following trimmed example output shows a package that has failed verification, been identified, and been reinstalled:
$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'
S.5....T. /usr/bin/znew
$ sudo dnf provides /usr/bin/znew
[...]