In RHEL7, the rule "Verify and Correct File Permissions with RPM" asks for "Check the file permissions, ownership, and group membership".
To check if it is OK, and to detect which files are wrong, the guide proposes:

```
rpm -Va | grep '^.M'
```

But the character M only warns about "Mode differs (includes permissions and file type)":
Details (from `man rpm`):

```
....
S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
...
```
To check ownership and group membership too, could it be better to use the command below? (`$NF` is used instead of `$3` so the path is still printed for files that have no `c`/`d` type marker in the second column.)

```
rpm -Va | awk '$1 ~ /[MUG]/{print $NF}'
```

Example:

```
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
uname -a
Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
```
@bgjoseluis Hello, after looking at the OVAL definitions for this rule in ./shared/oval/rpm_verify_permissions.xml I found out that the OVAL checks are correct: they check mode, user ownership and group ownership.
What needs to be fixed is the description of the rule in ./shared/xccdf/system/software/integrity.xml and also its remediation in ./shared/templates/static/bash/rpm_verify_permissions.sh. The remediation only corrects the mode, not the user and group ownership.
Thank you for pointing this out. Are you planning to fix this in a pull request?
Hello,
just trying to help.
In RHEL7, the rule "Verify and Correct File Permissions with RPM" asks for "Check the file permissions, ownership, and group membership".
To check if it is OK, and to detect which files are wrong, the guide proposes:

```
rpm -Va | grep '^.M'
```

But the character M only warns about "Mode differs (includes permissions and file type)":
Details (from `man rpm`):

```
....
S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
...
```
To check ownership and group membership too, could it be better to use the command below? (`$NF` is used instead of `$3` so the path is still printed for files that have no `c`/`d` type marker in the second column.)

```
rpm -Va | awk '$1 ~ /[MUG]/{print $NF}'
```

Example:

```
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
uname -a
Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
rpm -Va | awk '$1 ~ /[MUG]/{print $0}'
ls -l /etc/nsswitch.conf
-rw-r--r--. 1 root root 1723 Sep 19 13:10 /etc/nsswitch.conf
chown root:joseluis /etc/nsswitch.conf
ls -l /etc/nsswitch.conf
-rw-r--r--. 1 root joseluis 1723 Sep 19 13:10 /etc/nsswitch.conf
rpm -Va | awk '$1 ~ /[MUG]/{print $0}'
......G.. c /etc/nsswitch.conf
chown joseluis:joseluis /etc/nsswitch.conf
rpm -Va | awk '$1 ~ /[MUG]/{print $0}'
.....UG.. c /etc/nsswitch.conf
```

Please note that in the RHEL6 guides, the same rule only relates to permissions, not to the owner or group.
Many thanks for your help and time.
JLBG
PS: please excuse me if I have not expressed myself correctly, English is not my native language.
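The following is an added example, not code from the issue, from bgjoseluis, or from the SCAP Security Guide project. It covers both points raised in the thread: the `rpm -Va` parsing (which attribute letters actually flag mode, user and group drift) and the remediation gap the maintainer describes (mode is restored but ownership is not). The report function reads `rpm -Va` output on stdin so it can be exercised offline against a constructed sample; the remediation function uses the standard `rpm --setperms` and `rpm --setugids` aliases and is only meant to be run on a real host. The sample lines, the `example` package and the `/etc/foo.conf` path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not captured from a real host).
# Column 1 is the 9-character attribute string (S M 5 D L U G T P, "." = OK),
# column 2 is an optional file type marker (c = config, d = doc), then the path.
SAMPLE_RPM_VA='.M.......  c /etc/ssh/sshd_config
......G..  c /etc/nsswitch.conf
.....UG..  c /etc/nsswitch.conf
S.5....T.  c /etc/foo.conf
.M...UG..    /usr/bin/example
missing     /usr/share/doc/example/README'

# Print "<path> <what-differs>" for every file whose mode (M), user (U) or
# group (G) differs from the RPM database. Files that differ only in size,
# digest or mtime are not reported, and "missing" entries are skipped.
# Reads `rpm -Va` output on stdin:   rpm -Va | rpm_verify_ownership_report
rpm_verify_ownership_report() {
    awk '
        $1 == "missing" { next }      # file absent: nothing to chmod/chown
        length($1) != 9 { next }      # not an attribute line (warnings etc.)
        {
            what = ""
            if (index($1, "M")) what = what "mode,"
            if (index($1, "U")) what = what "user,"
            if (index($1, "G")) what = what "group,"
            if (what == "") next      # only S/5/T/... differ: out of scope here
            sub(/,$/, "", what)
            print $NF, what           # $NF: path is last whether or not "c"/"d" is present
        }'
}

# Restore mode AND ownership for the packages owning the given files.
# --setperms resets permissions, --setugids resets user/group; the second
# call is the part a mode-only remediation leaves out. Run on a real host:
#   rpm -Va | rpm_verify_ownership_report | awk '{print $1}' | xargs rpm_restore_perms_and_ugids
rpm_restore_perms_and_ugids() {
    rpm -qf "$@" 2>/dev/null | sort -u | while read -r pkg; do
        rpm --setperms "$pkg"
        rpm --setugids "$pkg"
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RPM_VA" | rpm_verify_ownership_report
```

On the sample this reports `/etc/nsswitch.conf` twice (once with `group`, once with `user,group`), mirroring the two `chown` steps in the session above, while `/etc/foo.conf` (size/digest/mtime only) and the missing README are left out.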