UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.


Overview

Finding ID Version Rule ID IA Controls Severity
V-257823 RHEL-09-214030 SV-257823r991589_rule Medium
Description
The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61564r925454_chk )
The following command will list which files on the system have file hashes different from what is expected by the RPM database:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'

If there is output, this is a finding.
Fix Text (F-61488r925455_fix)
Given output from the check command, identify the package that provides the output and reinstall it. The following trimmed example output shows a package that has failed verification, been identified, and been reinstalled:

$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'
S.5....T. /usr/bin/znew
$ sudo dnf provides /usr/bin/znew
[...]
gzip-1.10-8.el9.x86_64 : The GNU data compression program
[...]
$ sudo dnf reinstall gzip
[...]
$ rpm -Va --noconfig | awk '$1 ~ /..5/ && $2 != "c"'
[no output]