LinuxQuestions.org
Old 11-24-2015, 12:25 PM   #1
srsnic
LQ Newbie
 
Question Center for Internet Security setting Centos 6.6


Setting information
1.2.4 Verify Package Integrity Using RPM (Not Scored)
Profile Applicability:
Level 1
Description:
RPM has the capability of verifying installed packages by comparing the installed files against the file information stored in the package.
Rationale:
Verifying packages gives a system administrator the ability to detect if package files were changed, which could indicate that a valid binary was overwritten with a trojaned binary.
Audit:
Perform the following to verify integrity of installed packages.
# rpm -qVa | awk '$2 != "c" { print $0}'
If any output shows up, you may have an integrity issue with that package
Note: Actions in other areas of the benchmark change permissions on some files to make them more secure than the default, which would cause this check to fail. It is important to validate the packages either have the permissions they were intended to have, or have been intentionally altered. It is recommended that any output generated in the audit step be investigated to justify the discrepancy.
Remediation:
Address unexpected discrepancies identified in the audit step.


The results from command
Problem Centos 6.6

Ran this command
[root@baseivas ~]# rpm -qVa | awk '$2 != "c" { print $0}'
This is what it showed. I don't know what it means or how to fix it, if it needs fixing.


.M....G.. /var/log/gdm
.M....... /var/run/gdm
missing /var/run/gdm/greeter
prelink: /usr/lib/libhpip.so.0.0.1: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libhpip.so.0.0.1
prelink: /usr/lib/libhpmud.so.0.0.6: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libhpmud.so.0.0.6
.......T. /lib/modules/2.6.32-504.12.2.el6.i686/modules.softdep
.......T. /lib/modules/2.6.32-504.30.3.el6.i686/modules.softdep
[root@baseivas ~]#


Not sure how to fix this... can anyone explain to me what is going on? I am a newbie and I am learning Linux as I go, so the greater the detail you can provide, the more I would appreciate it. Thanks
 
Old 11-24-2015, 03:18 PM   #2
John VV
LQ Muse
 
cent6.6 is not supported
please UPGRADE to the only supported version in the 6 series
CentOS 6.7 ( 6.8 will be released soon )

depending on how you set up the repo files in /etc/yum.repo.d/???.repo
a normal "update" or other means are needed

please check that you are using the OLD 6.6 and not the current 6.7
Code:
su -
cat /etc/redhat-release
it SHOULD be 6.7 , but if not
upgrade

a normal update "should" upgrade to 6.7
Code:
su -
yum clean all
yum update 
# ---- then when done ----
reboot
and rerun the above "cat" command and check

if still 6.6 then other things need to be done
 
Old 11-29-2015, 06:22 AM   #3
unSpawn
Moderator
 
Quote:
Originally Posted by John VV
cent6.6 is not supported (..) if still 6.6 then other things need to be done
Is it really helpful for the OP to only elaborate on what's current and what not and so dodge answering the question? I think not. Please do not do that again.


The explanation is in 'man rpm' in the "VERIFY OPTIONS" section. Be sure to read it.
Quote:
Originally Posted by srsnic
Code:
.M....G..    /var/log/gdm
.M.......    /var/run/gdm
missing     /var/run/gdm/greeter
Capital m stands for mode (like permissions). "missing" means just that: the item is missing on the file system. You can create the directory with the right ownership and access permissions (see 'rpm -qlv gdm|grep gdm/greeter;') but if this is a headless server then it should not be running GNOME Display Manager in the first place.


Quote:
Originally Posted by srsnic
Code:
prelink: /usr/lib/libhpip.so.0.0.1: at least one of file's dependencies has changed since prelinking
S.?......    /usr/lib/libhpip.so.0.0.1
prelink: /usr/lib/libhpmud.so.0.0.6: at least one of file's dependencies has changed since prelinking
S.?......    /usr/lib/libhpmud.so.0.0.6
What it says: a dependency (checked by its hash) changed. Given that Fedora removed 'prelink' around Fedora 20 and given the price of RAM, if this is a server then you might not find that prelink will give you much speed benefits in the first place. If you found the issues do not outweigh the benefits and if you have determined you do not need prelink (also see this) then first disable, then undo and then remove prelinking.


Quote:
Originally Posted by srsnic
Code:
.......T.    /lib/modules/2.6.32-504.12.2.el6.i686/modules.softdep
.......T.    /lib/modules/2.6.32-504.30.3.el6.i686/modules.softdep
The modification time is not the same as recorded in the RPMDB. This is common for files that are modified after installing the package like configuration files (which saved 'depmod -ae' output kind of is too). Note changed file modification time may also be an indication of a breach or compromise so always investigate so you know if it was a legitimate action or not.


Quote:
Originally Posted by srsnic
I am a newbie and I am learning Linux as I go
Good luck. Like any (budding) specialist you should aim to excel in what you do. Actively increasing your knowledge by reading and practicing a lot will help.


//NTLB
 
1 members found this post helpful.
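The flag letters discussed in the reply above, decoded mechanically from `rpm -Va` output according to the "VERIFY OPTIONS" section of 'man rpm'. This is an added example, not part of the original thread; the function names `decode_rpm_verify` and `thread_sample` are hypothetical, and the last sample line (`/etc/example.conf`) is constructed to show the `c` attribute marker. It assumes the 9-character result string seen in the thread and paths without spaces.

```shell
#!/usr/bin/env bash
# Decode `rpm -Va` result lines into named differences.
# Flag letters and positions follow the VERIFY OPTIONS section of rpm(8).
# Assumes the 9-character result string shown in the thread and paths without spaces.

decode_rpm_verify() {
  awk '
    BEGIN {
      split("S M 5 D L U G T P", flag, " ")
      split("size mode digest device symlink user group mtime capabilities", name, " ")
    }
    /^prelink: / { next }   # diagnostic text; the result line for that file follows
    /^missing / {
      # "missing" may be followed by a one-letter attribute marker (c d g l r)
      print "MISSING\t" ((NF >= 3 && length($2) == 1) ? $3 : $2)
      next
    }
    length($1) == 9 && NF >= 2 {
      attr = (NF >= 3 && length($2) == 1) ? $2 : "-"
      path = (attr == "-") ? $2 : $3
      changed = ""; unverified = ""
      for (i = 1; i <= 9; i++) {
        ch = substr($1, i, 1)
        if (ch == flag[i])  changed = changed (changed == "" ? "" : ",") name[i]
        else if (ch == "?") unverified = unverified (unverified == "" ? "" : ",") name[i]
      }
      if (changed == "") changed = "-"
      if (unverified == "") unverified = "-"
      printf "DIFF\t%s\tchanged=%s\tunverified=%s\tattr=%s\n", path, changed, unverified, attr
    }
  '
}

# The nine lines srsnic posted, plus one constructed config-file line (last).
thread_sample() {
  cat <<'EOF'
.M....G..    /var/log/gdm
.M.......    /var/run/gdm
missing     /var/run/gdm/greeter
prelink: /usr/lib/libhpip.so.0.0.1: at least one of file's dependencies has changed since prelinking
S.?......    /usr/lib/libhpip.so.0.0.1
prelink: /usr/lib/libhpmud.so.0.0.6: at least one of file's dependencies has changed since prelinking
S.?......    /usr/lib/libhpmud.so.0.0.6
.......T.    /lib/modules/2.6.32-504.12.2.el6.i686/modules.softdep
.......T.    /lib/modules/2.6.32-504.30.3.el6.i686/modules.softdep
S.5....T.  c /etc/example.conf
EOF
}

thread_sample | decode_rpm_verify
```

On a real host the same function takes the audit command's output directly: `rpm -qVa | decode_rpm_verify`. A `?` in the digest position, as on the two prelinked libraries, means the content check could not be performed, so those files are unverified rather than clean.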
  

