Check: GEN002440
HP-UX 11.23 STIG:
GEN002440
(in version v1 r8)
Title
The owner, group-owner, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures. (Cat II impact)
Discussion
All files with the setgid bit set will allow anyone running these files to be temporarily assigned the GID of the file. While many system files depend on these attributes for proper operation, security problems can result if setgid is assigned to programs that allow reading and writing of files, or shell escapes.
Check Content
Locate all setgid files on the system. Procedure: # find / -perm -2000 If the ownership, permissions, location, and ACLs of all files with the setgid bit set are not documented, this is a finding.
Fix Text
All files with the sgid bit set will be documented in the system baseline and authorized by the Information Systems Security Officer (ISSO). Locate all sgid files with the following command: find / -perm -2000 -exec ls -lL {} \; Ensure sgid files are part of the operating system software, documented application software, documented utility software, or documented locally developed software. Ensure none are text files or shell programs.
Additional Identifiers
Rule ID: SV-34943r1_rule
Vulnerability ID: V-802
Group Title: GEN002440
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000368 |
The organization documents any deviations from the established configuration settings for organization-defined information system components based on organization-defined operational requirements. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |