The Linux DUP framework uses RPM verification to ensure
the security of all DUP dependent Linux utilities. If security is
compromised, the framework displays a message and an RPM Verify Legend,
and then exits with exit code 9.
RPM produces output
only if there is a verification failure. The format of the output is:
.SM5DLUGT 'utility name'
For example,
if the
fmt command is compromised, the framework displays the
message:
rpm verify failed: .M...... /usr/bin/fmt
RPM Verify Output Legend:
.‑ Verification test passed
S‑ File Size differs
M‑ Mode differs (includes permissions
and file type)
5‑ MD5 sum differs
D‑ Device major/minor
number mismatch
L‑ ReadLink(2) path mismatch
U‑ User
ownership differs
G‑ Group ownership differs
T‑ mTime
differs
|