f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
677 B
677 B
---id: V-71855 status: implemented tag: packages ---
Ansible tasks will check the rpm -Va output (on CentOS,
RHEL, openSUSE and SLE) or the output of debsums (on
Ubuntu) to see if any files installed from packages have been altered.
The tasks will print a list of files that have changed since their
package was installed.
Deployers should be most concerned with any checksum failures for binaries and their libraries. These are most often a sign of system compromise or poor system administration practices.
Configuration files may appear in the list as well, but these are often less concerning since some of these files are adjusted by the security role itself.