AlmaLinux OS 9 must be configured so that the cryptographic hashes of system files match vendor values.

An XCCDF Rule

Details
Profiles

Description

The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.

ID: SV-269292r1050174_rule
Version: ALMA-09-024000
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Given the output from the check command, identify the package that provides the output and reinstall it.

The following trimmed example output shows a package that has failed verification, been identified, reinstalled, and then passed re-verification:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"' 
S.5....T.    /usr/bin/tar

$ dnf whatprovides /usr/bin/tar

tar-2:1.34-6.el9_1.x86_64 : GNU file archiving program

$ dnf reinstall tar

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"' 

[no output]

AlmaLinux OS 9 must be configured so that the cryptographic hashes of system files match vendor values.

Description

Remediation Templates

A Manual Procedure