dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
662 B
662 B
---id: V-71855 status: implemented tag: packages ---
Ansible tasks will check the rpm -Va output (on CentOS
and RHEL) or the output of debsums (on Ubuntu) to see if
any files installed from packages have been altered. The tasks will
print a list of files that have changed since their package was
installed.
Deployers should be most concerned with any checksum failures for binaries and their libraries. These are most often a sign of system compromise or poor system administration practices.
Configuration files may appear in the list as well, but these are often less concerning since some of these files are adjusted by the security role itself.