--- RHEL6/input/system/software/integrity.xml | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/RHEL6/input/system/software/integrity.xml b/RHEL6/input/system/software/integrity.xml index 44bb1b2..14730e2 100644 --- a/RHEL6/input/system/software/integrity.xml +++ b/RHEL6/input/system/software/integrity.xml @@ -174,7 +174,15 @@ have hashes that differ from what is expected by the RPM database: <pre># rpm -Va | grep '^..5'</pre> A "c" in the second column indicates that a file is a configuration file, which may appropriately be expected to change. +If the file that has changed was not expected to then refresh from distribution media or online repositories. +<pre>rpm -Uvh <i>affected_package</i></pre> +OR +<pre>yum reinstall <i>affected_package</i></pre> </description> +<ocil clause="there is output"> The following command will list which files on the system +have file hashes different from what is expected by the RPM database. +<pre># rpm -Va | grep '$1 ~ /..5/ && $2 != "c"'</pre> +</ocil> <rationale> The hash on important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity
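Review bot: In the added `<ocil>` block, the check command pipes `rpm -Va` into `grep`, but the quoted argument `'$1 ~ /..5/ && $2 != "c"'` is an awk program, so grep will read it as a regular expression and the check will not select the files it is meant to. Suggest `rpm -Va | awk '$1 ~ /^..5/ && $2 != "c"'`, with the pattern anchored the same way as the `'^..5'` in the description so the 5 is only matched in the third column of the verify flags. Because this is an XML file, a literal `&&` inside `<pre>` also needs to be written as `&amp;&amp;`. The description's command still includes configuration files while the OCIL check excludes them, so it would help to say that in the OCIL text, which currently reads as if both list the same set. Minor wording point on the first added line: "If the file that has changed was not expected to then refresh" would read more clearly as "If a file was not expected to change, refresh the package from distribution media or online repositories."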