Used in the <Where> section with the <Type> / <Values> to interface with local system package management.
Installation: Installed / Not Installed
ConfigOS will both scan for and remediate package installation and removal using the local package management system (typically yum or apt.)
Scanning for packages will access the local package database and report passing or failing based on the requested values.
As a precaution we are not actively remediating package uninstallation. If a RHEL system is neither registered with an active subscription nor has a local package repository (or for example the DVD installation media mounted directly) there is no way to rollback a package uninstallation because the subsequent installation would fail. If you choose to have ConfigOS remediate package uninstallation then remove the import flag as part of the <Ignore> element.
The Installation type can be combined with a Value of Installed or Not Installed
Uninstallation:
| Expand |
|---|
| title | Example of RPM uninstallation: |
|---|
|
| Code Block |
|---|
| <Group>
<GroupId>V-204502</GroupId>
<GroupTitle>SRG-OS-000095-GPOS-00049</GroupTitle>
<RuleId>SV-204502r603261_rule</RuleId>
<Severity>CAT I</Severity>
<RuleVersion>RHEL-07-021710</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must not have the telnet-server package installed.</RuleTitle>
<Where>Software Package</Where>
<Applied>telnet-server</Applied>
<Type>Installation</Type>
<Value>Not Installed</Value>
<Ignore>import,case,space</Ignore>
<IgnoreReason></IgnoreReason>
</Group> |
|
Installation:
| Expand |
|---|
| title | Example of RPM installation: |
|---|
|
| Code Block |
|---|
| <Group>
<GroupId>V-244537</GroupId>
<GroupTitle>SRG-OS-000028-GPOS-00009</GroupTitle>
<RuleId>SV-244537r743860_rule</RuleId>
<Severity>CAT II</Severity>
<RuleVersion>RHEL-08-020039</RuleVersion>
<RuleTitle>RHEL 8 must have the tmux package installed.</RuleTitle>
<Where>Software Package</Where>
<Applied>tmux</Applied>
<Type>Installation</Type>
<Value>Installed</Value>
<Ignore></Ignore>
<IgnoreReason></IgnoreReason>
</Group> |
|
Verify
This special element is used in only one rule. ConfigOS will examine the packages on the system to ensure that the installed files are maintained correctly in relation to the package database itself. Any results here can usually be corrected by reinstalling the package in question.
| Expand |
|---|
| title | The Package Verify rule applies to any packages installed normally: |
|---|
|
| Code Block |
|---|
| <Group>
<GroupId>V-204392</GroupId>
<GroupTitle>SRG-OS-000257-GPOS-00098</GroupTitle>
<RuleId>SV-204392r880752_rule</RuleId>
<Severity>CAT I</Severity>
<RuleVersion>RHEL-07-010010</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.</RuleTitle>
<Where>Software Package</Where>
<Applied>*</Applied>
<Type>Installation:Verify[mode|owner|group]</Type>
<Value>[""],[Restore]</Value>
<Ignore>import,case</Ignore>
<IgnoreReason></IgnoreReason>
</Group> |
|
