ansible-hardening/doc/metadata/rhel7/RHEL-07-010020.rst
Major Hayden 0a7a9932a0 Security: Add tasks for RHEL-07-010020
This patch adds tasks which check for files that have been modified
since their packages were installed. This can sometimes be a sign
of compromise.

Any files failing checksum validation are displayed for the deployer
to review.

Implements: blueprint security-rhel7-stig
Change-Id: I5ccc375ecb08e51c51dab80b47a190050731f700
2016-10-20 15:44:31 +00:00


---
id: RHEL-07-010020
status: implemented
tag: packages
---

Ansible tasks will check the ``rpm -Va`` output (on CentOS and RHEL) or the output of ``debsums`` (on Ubuntu) to see if any files installed from packages have been altered. The tasks will print a list of files that have changed since their package was installed.

Deployers should be most concerned with any checksum failures for binaries and their libraries. These are most often a sign of system compromise or poor system administration practices.

Configuration files may appear in the list as well, but these are often less concerning since some of these files are adjusted by the security role itself.
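One way to triage the ``rpm -Va`` list along the lines described above, as an added example that is not part of the ansible-hardening role: it keeps only lines whose digest test failed and separates files that RPM marks as configuration from everything else. The function name ``classify`` and the sample lines and paths are constructed for illustration.

```python
import re

# An rpm -V line is a string of test flags (S M 5 D L U G T P), an optional
# attribute marker (c=config, d=doc, g=ghost, l=license, r=readme) and the path.
# Older rpm releases print 8 flags, newer ones 9; the digest flag is third in both.
LINE_RE = re.compile(
    r"^(?P<flags>[A-Z0-9.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample output, not taken from a real host.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib/systemd/system/example.service
..5....T.    /usr/bin/example-tool
S.5....T.    /usr/lib64/libexample.so.1
missing      /var/run/example.pid
.M.......  g /var/log/example.log
"""


def classify(rpm_va_output):
    """Return digest failures split into config files and files to review first."""
    result = {"review_first": [], "config": []}
    for line in rpm_va_output.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # "missing" lines and anything else without a flag string
        if match.group("flags")[2] != "5":
            continue  # digest test passed ('.') or could not be performed ('?')
        bucket = "config" if match.group("attr") == "c" else "review_first"
        result[bucket].append(match.group("path"))
    return result


if __name__ == "__main__":
    findings = classify(SAMPLE)
    print("Review first (binaries, libraries, other non-config files):")
    for path in findings["review_first"]:
        print("  " + path)
    print("Configuration files (may have been changed by the role itself):")
    for path in findings["config"]:
        print("  " + path)
```

On a real host the input would be the captured output of ``rpm -Va``; ``debsums`` output has a different format and is not handled here.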