{"description": "Without cryptographic integrity protections, system executables and files can be altered by\nunauthorized users without detection. The RPM package management system can check the hashes\nof installed software packages, including many that are important to system security.\n\nIf the file was not expected to change, investigate the cause of the change using audit logs\nor other means. The package can then be reinstalled to restore the file. Run the following\ncommand to determine which package owns the file:\n<pre>$ rpm -qf <i>FILENAME</i></pre>\n\nThe package can be reinstalled from an apt-get repository using the command:\n<pre>$ sudo apt-get reinstall crypto-policies</pre>", "rationale": "The crypto-policies package defines the cryptography policies for the system.\nIf the files are changed from those shipped with the operating system,\nit may be possible for Ubuntu 22.04 to use cryptographic functions that are not FIPS 140-3 approved.", "severity": "high", "references": {"srg": ["SRG-OS-000478-GPOS-00223", "SRG-OS-000396-GPOS-00176"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "there is output", "ocil": "Verify that Ubuntu 22.04 crypto-policies package has not been modified with the following command:\n$ rpm -V crypto-policies\nIf the command has any output, this is a finding.", "oval_external_content": null, "fixtext": "Reinstall the crypto-policies package to remove any modifications.\n$ sudo apt-get reinstall -y crypto-policies", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not bootc"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_bootc"], "bash_conditional": null, "fixes": {}, "title": "Verify crypto-policies with RPM", "definition_location": 
"/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_crypto_policies/rule.yml", "template": null}