Executing "rpm -Va" command on Red Hat Satellite 6 provides a list of configuration files whose permissions were changed post package installation.

Solution Verified - Updated -

Issue

  • Current file permissions differ from the original file permissions when the files were created during the time of package installation.

  • Executing the rpm -Va command on Red Hat Satellite provides a list of configuration files whose permissions were changed post package installation.

  • The security team uses rpm -Va command to verify packages and files installed on the satellite server and the following output is observed where a list of configuration files is provided whose permissions are changed/modified post package installation:

    # rpm -Va --nomtime --nosize --nomd5 --nolinkto 
<------Truncated Output------>
.M....G..  c /etc/foreman-proxy/settings.d/ansible.yml
.M....G..  c /etc/foreman-proxy/settings.d/remote_execution_ssh.yml
.M....G..  c /etc/foreman-proxy/settings.d/openscap.yml
.M....G..  c /etc/foreman-proxy/settings.d/bmc.yml
.M....G..  c /etc/foreman-proxy/settings.d/dhcp.yml
.M....G..  c /etc/foreman-proxy/settings.d/dhcp_isc.yml
.M....G..  c /etc/foreman-proxy/settings.d/dhcp_libvirt.yml
.M....G..  c /etc/foreman-proxy/settings.d/dns.yml
.M....G..  c /etc/foreman-proxy/settings.d/dns_libvirt.yml
.M....G..  c /etc/foreman-proxy/settings.d/dns_nsupdate.yml
.M....G..  c /etc/foreman-proxy/settings.d/dns_nsupdate_gss.yml
.M....G..  c /etc/foreman-proxy/settings.d/httpboot.yml
.M....G..  c /etc/foreman-proxy/settings.d/logs.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet_proxy_customrun.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet_proxy_mcollective.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet_proxy_puppet_api.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet_proxy_salt.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppet_proxy_ssh.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppetca.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppetca_hostname_whitelisting.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppetca_http_api.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppetca_puppet_cert.yml
.M....G..  c /etc/foreman-proxy/settings.d/puppetca_token_whitelisting.yml
.M....G..  c /etc/foreman-proxy/settings.d/realm.yml
.M....G..  c /etc/foreman-proxy/settings.d/realm_freeipa.yml
.M....G..  c /etc/foreman-proxy/settings.d/templates.yml
.M....G..  c /etc/foreman-proxy/settings.d/tftp.yml
.M....G..  c /etc/foreman-proxy/settings.yml
.M.......    /var/log/puppetlabs/puppetserver
.M.......    /opt/rh/rh-nodejs6
.M.......    /opt/rh/rh-nodejs6/enable
.M....G..    /etc/pki/pulp
.M.......  g /etc/pki/pulp/rsa_pub.key
.M...U...  c /etc/pulp/server.conf
.M.......    /run/foreman-proxy
.....U...    /etc/puppetlabs/code/environments
.....U...    /etc/puppetlabs/code/modules
.....UG..    /opt/puppetlabs/puppet/cache
.....U...    /opt/puppetlabs/puppet/modules
.....UG..    /var/log/puppetlabs/puppet
.....UG..    /var/run/puppetlabs
.M.......    /var/lib/foreman-proxy/ssh
......G..  c /etc/tomcat/server.xml
<------Truncated Output------>

Environment

  • Red Hat Satellite 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content