AlmaLinux OS 9 must be configured so that the cryptographic hashes of system files match vendor values.

STIG ID: ALMA-09-024000  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-269292

Vulnerability Discussion

The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.

Check

The following command will list which files on the system have file hashes different from what is expected by the RPM database:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'

If there is an output, this is a finding.

Fix

Given the output from the check command, identify the package that provides the output and reinstall it.

The following trimmed example output shows a package that has failed verification, been identified, reinstalled, and then passed re-verification:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'

S.5....T. /usr/bin/tar

$ dnf whatprovides /usr/bin/tar

tar-2:1.34-6.el9_1.x86_64 : GNU file archiving program

$ dnf reinstall tar

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'

[no output]
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.