Hello,
Regarding the rule "Verify file hashes with RPM", whose files reside here:
https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/sy...
From the description in rule.yml I understand that altered files should be
reported, and altered configuration files should be reported and analyzed
individually.
1. Is this the intended action? To evaluate altered configuration files?
Looking at the OVAL check, it mostly cares about altered files under /bin,
/sbin, /lib, /lib64 or /usr (mainly executables and libraries according to
the comment).
2. Is this restriction only to optimize for search of libraries and
binaries?
I see a slight misalignment between the check and the description. This way we
won't be catching many changes in config files.
--
Watson Sato
Security Technologies | Red Hat, Inc
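
Added illustration, not part of the original message or of the ComplianceAsCode content: a sketch of the gap raised above, parsing `rpm -Va`-style output and separating digest mismatches under the listed directories from changed configuration files elsewhere. The sample lines are constructed, and modeling the check's scope purely as a path-prefix list is an assumption taken from the message's description.

```python
import re

# Directories the message says the OVAL check concentrates on (assumed
# here to be a plain path-prefix filter).
OVAL_PREFIXES = ("/bin/", "/sbin/", "/lib/", "/lib64/", "/usr/")

# One `rpm -Va` line: nine attribute flags (or "missing"), an optional
# one-letter file-type marker (c = %config file), then the path.
LINE_RE = re.compile(
    r"^(?P<flags>\S{9}|missing)\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample output, not taken from a real system.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/example-tool
.M.......    /usr/lib64/libexample.so.1
..5....T.    /opt/example/bin/agent
missing    c /etc/example.conf
"""


def classify(rpm_va_output):
    """Group files whose digest changed by whether the path list covers them."""
    result = {"in_scope": [], "config_out_of_scope": [], "other_out_of_scope": []}
    for line in rpm_va_output.splitlines():
        m = LINE_RE.match(line)
        if not m or m["flags"] == "missing":
            continue
        if m["flags"][2] != "5":  # third flag reports the digest comparison
            continue
        path = m["path"]
        if path.startswith(OVAL_PREFIXES):
            result["in_scope"].append(path)
        elif m["kind"] == "c":
            # Changed config file that a path-restricted check never sees.
            result["config_out_of_scope"].append(path)
        else:
            result["other_out_of_scope"].append(path)
    return result


if __name__ == "__main__":
    for group, paths in classify(SAMPLE).items():
        print(f"{group}: {paths}")
```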