Merge pull request #5755 from yuumasato/rpm_verify_permissions_warning

Warn about findings from rpm_verify_permissions and rpm_verify_ownership

(cherry picked from commit 23af201)

linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml

@@ -58,8 +58,13 @@ ocil: |-
     is expected by the RPM database:
     <pre>$ rpm -Va | rpm -Va --nofiledigest | awk '{ if (substr($0,6,1)=="U" || substr($0,7,1)=="G") print $NF }'</pre>
 
-{{% if product == "rhel6" %}}
 warnings:
+    - general: |-
+        Profiles may require that specific files be owned by root while the default owner defined
+        by the vendor is different.
+        Such files will be reported as a finding and need to be evaluated according to your policy
+        and deployment environment.
+{{% if product == "rhel6" %}}
     - general: |-
         <b>Note: Due to a bug in the <tt>gdm</tt> package,
         the RPM verify command may continue to fail even after file permissions have

linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml

@@ -67,8 +67,13 @@ ocil: |-
     is expected by the RPM database:
     <pre>$ rpm -Va | awk '{ if (substr($0,2,1)=="M") print $NF }'</pre>
 
-{{% if product == "rhel6" %}}
 warnings:
+    - general: |-
+        Profiles may require that specific files have stricter file permissions than defined by the
+        vendor.
+        Such files will be reported as a finding and need to be evaluated according to your policy
+        and deployment environment.
+{{% if product == "rhel6" %}}
     - general: |-
         <b>Note: Due to a bug in the <tt>gdm</tt> package,
         the RPM verify command may continue to fail even after file permissions have