UCF STIG Viewer Logo

The cryptographic hash of system files and commands must match vendor values.


Overview

Finding ID Version Rule ID IA Controls Severity
V-71855 RHEL-07-010020 SV-86479r2_rule High
Description
Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2017-12-14

Details

Check Text ( C-72087r1_chk )
Verify the cryptographic hash of system files and commands match the vendor values.

Check the cryptographic hash of system files and commands with the following command:

Note: System configuration files (indicated by a "c" in the second column) are expected to change over time. Unusual modifications should be investigated through the system audit log.

# rpm -Va | grep '^..5'

If there is any output from the command for system binaries, this is a finding.
Fix Text (F-78207r1_fix)
Run the following command to determine which package owns the file:

# rpm -qf

The package can be reinstalled from a yum repository using the command:

# sudo yum reinstall

Alternatively, the package can be reinstalled from trusted media using the command:

# sudo rpm -Uvh