CCE-90867-3Platform: rhel7 | Date: (C)2017-06-29 (M)2022-10-10 |
Verify File Hashes with RPM
The RPM package management system can check the hashes of
installed software packages, including many that are important to system
security. Run the following command to list which files on the system
have hashes that differ from what is expected by the RPM database:
'$ rpm -Va | grep '^..5''
A "c" in the second column indicates that a file is a configuration file, which
may appropriately be expected to change. If the file was not expected to
change, investigate the cause of the change using audit logs or other means.
The package can then be reinstalled to restore the file.
Run the following command to determine which package owns the file:
'$ rpm -qf FILENAME'
The package can be reinstalled from a yum repository using the command:
'$ sudo yum reinstall PACKAGENAME'
Alternatively, the package can be reinstalled from trusted media using the command:
'$ sudo rpm -Uvh PACKAGENAME'
Parameter:
Technical Mechanism:
The hashes of important files like system executables should match the
information given by the RPM database. Executables with erroneous hashes could
be a sign of nefarious activity on the system.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: