Check: AIX7-00-003010
IBM AIX 7.x STIG: AIX7-00-003010 (in versions v2 r9 through v1 r1)
Title
All library files must not have extended ACLs. (Cat II impact)
Discussion
Unauthorized access could destroy the integrity of the library files.
Check Content
The following system library directories need to be checked: /usr/lib/security/ and /usr/lib/methods/. Determine if any system library file has an extended ACL by running the following script:

```sh
find /usr/lib/security /usr/lib/methods/ -type f | while read file
do
    # Dump the file's ACL; aclget fails (non-zero) for files it cannot read
    aclget -o /tmp/111.acl "$file" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        # "enabled" under "extended permissions" means an extended ACL is active
        grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            echo "$file has ACL"
        fi
    fi
done
```

If the above script yields any output, this is a finding.
Fix Text
Remove the extended ACL(s) from the system library file(s) and disable extended permissions using the following script:

```sh
find /usr/lib/security /usr/lib/methods/ -type f | while read file
do
    aclget -o /tmp/111.acl "$file" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            echo "Removing ACL from $file"
            # Keep the header and base permissions (first 9 lines of the aclget
            # listing), then replace the extended-permissions state with "disabled"
            head -n9 /tmp/111.acl > /tmp/222.acl
            echo " disabled" >> /tmp/222.acl
            aclput -i /tmp/222.acl "$file"
        fi
    fi
done
```
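The check and the fix above share one decision (is the "enabled" keyword present under "extended permissions") and one transformation (rewrite the listing with that state set to "disabled"). The following is an added example, not the STIG's own script, that isolates those two steps into functions so they can be exercised against a saved `aclget` listing before being pointed at a live host. It assumes the AIXC listing layout the STIG scripts rely on (the `enabled`/`disabled` keyword on the line after the `extended permissions` header); the sample listing is constructed for the demonstration. It also uses `mktemp` for scratch files instead of the fixed names `/tmp/111.acl` and `/tmp/222.acl`, since a predictable path in a world-writable directory can be pre-created by another local user.

```shell
#!/bin/sh
# Added example (not part of the STIG): check and fix logic for AIX extended
# ACLs, applied to saved aclget listings so it can be tested offline.

# Constructed sample of an AIXC aclget listing. $1 is the extended-permissions
# state keyword ("enabled" or "disabled"). Layout is an assumption matching
# what the STIG scripts expect (keyword on the line after the header).
make_sample_acl() {
  cat <<EOF
*
* ACL_type   AIXC
*
attributes:
base permissions
    owner(root):  rw-
    group(system):  r--
    others:  r--
extended permissions
    $1
    permit  rw-  u:appadmin
EOF
}

# Returns 0 when the listing in file $1 has extended permissions enabled.
# Same pattern as the STIG check; "disabled" does not match "enabled$".
acl_has_extended() {
  grep -q -e "[[:space:]]enabled$" "$1"
}

# Writes listing $1 to file $2 with extended permissions disabled. Keys on the
# "extended permissions" header instead of "head -n9", so it does not depend
# on the header being on line 9; the permit/deny/specify entries after it are
# dropped, as in the STIG fix.
acl_disable_extended() {
  awk '
    /^extended permissions/ { print; print " disabled"; skip = 1; next }
    skip == 1 { next }
    { print }
  ' "$1" > "$2"
}

# Offline demonstration on the constructed sample. Returns 0 only if the
# sample was a finding and the rewritten listing no longer is.
demo_check_and_fix() {
  tmp_in=$(mktemp) || return 1
  tmp_out=$(mktemp) || { rm -f "$tmp_in"; return 1; }
  make_sample_acl enabled > "$tmp_in"
  status=1
  if acl_has_extended "$tmp_in"; then
    echo "sample has ACL (finding)"
    acl_disable_extended "$tmp_in" "$tmp_out"
    if acl_has_extended "$tmp_out"; then
      echo "fix failed: extended permissions still enabled"
    else
      echo "sample now has extended permissions disabled"
      status=0
    fi
  fi
  rm -f "$tmp_in" "$tmp_out"
  return "$status"
}

# On an AIX host, apply the same functions to the STIG's library directories
# (not run here: aclget and aclput are AIX commands). Pass "fix" to remediate,
# anything else only reports, matching the STIG's check/fix split.
audit_library_dirs() {
  mode=${1:-check}
  find /usr/lib/security /usr/lib/methods -type f | while IFS= read -r file; do
    acl=$(mktemp) || exit 1
    if aclget -o "$acl" "$file" > /dev/null 2>&1 && acl_has_extended "$acl"; then
      echo "$file has ACL"
      if [ "$mode" = fix ]; then
        fixed=$(mktemp) || exit 1
        acl_disable_extended "$acl" "$fixed" && aclput -i "$fixed" "$file"
        rm -f "$fixed"
      fi
    fi
    rm -f "$acl"
  done
}

demo_check_and_fix
```

Running the script as-is only exercises the constructed sample; `audit_library_dirs` (or `audit_library_dirs fix`) is what would be invoked on the AIX host, and it reports the same "has ACL" lines as the STIG check, so no output still means no finding.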
Additional Identifiers
Rule ID: SV-215326r508663_rule
Vulnerability ID: V-215326
Group Title: SRG-OS-000259-GPOS-00100
CCIs
Number | Definition
---|---
CCI-001499 | The organization limits privileges to change software resident within software libraries.
Controls
Number | Title
---|---
CM-5 (6) | Limit Library Privileges