Hello,

Regarding the rule "Verify file hashes with RPM", whose files reside here:
https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes

From the description in rule.yml I understand that altered files should be
reported, and altered configuration files should be reported and analyzed
individually.
1. Is this the intended action? To evaluate altered configuration files?

Looking at the OVAL check, it mostly cares about altered files under /bin,
/sbin, /lib, /lib64 or /usr (mainly executables and libraries according to
comment).
2. Is this restriction only to optimize for search of libraries and
binaries?
I see a slight misalignment between check and description. This way we
won't be catching many changes in config files.

-- 
Watson Sato
Security Technologies | Red Hat, Inc
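
An added illustration of the scope question raised in the message above, not part of the original email and not the project's OVAL or remediation code: it parses `rpm -Va` output and groups digest mismatches by whether they fall under the directories the email lists. The prefix list comes from the email; the function names and the sample output are constructed for this example.

```python
import re

# Directories the message says the OVAL check covers (taken from the email,
# not copied from the OVAL definition itself).
CHECKED_PREFIXES = ("/bin/", "/sbin/", "/lib/", "/lib64/", "/usr/")

# One `rpm -Va` result line: nine attribute flags (S M 5 D L U G T P), an
# optional file-type marker (c = config, d = doc, ...), then the path.
LINE_RE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{9})\s+(?:(?P<marker>[cdglr])\s+)?(?P<path>/.*)$"
)

def digest_mismatches(verify_output):
    """Return (path, is_config) for every file whose digest test failed."""
    hits = []
    for line in verify_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("flags")[2] == "5":   # third flag is the digest test
            hits.append((m.group("path"), m.group("marker") == "c"))
    return hits

def split_by_check_scope(verify_output):
    """Group digest mismatches by whether the path-restricted check sees them."""
    report = {"in_scope": [], "missed_config": [], "missed_other": []}
    for path, is_config in digest_mismatches(verify_output):
        if path.startswith(CHECKED_PREFIXES):
            report["in_scope"].append(path)
        elif is_config:
            report["missed_config"].append(path)
        else:
            report["missed_other"].append(path)
    return report

# Constructed sample output; package contents and paths are made up.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/example-tool
.M.......    /usr/lib64/libexample.so.1
S.5....T.  c /usr/share/example/defaults.conf
..5....T.    /opt/example/bin/agent
missing      /usr/share/doc/example/README
.......T.  c /etc/example.conf
"""

if __name__ == "__main__":
    for group, paths in split_by_check_scope(SAMPLE).items():
        print(group, paths)
```

Feeding it the real output of `rpm -Va` on a host shows how many changed configuration files sit outside the listed directories.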
_______________________________________________
scap-security-guide mailing list -- [email protected]