All system files, programs, and directories must be owned by a system account. (Cat II impact)
Restricting permissions will protect the files from unauthorized modification.
Check the ownership of system files, programs, and directories by running the following command: # ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin If any of the system files, programs, or directories are not owned by a system account, this is a finding. Note: For this check, the system-provided "ipsec" user is considered to be a system account.
Change the owner of public directories to "root" or an application account using the following command: # chown root </public/directory> Note: Replace "root" with an application user as necessary.
The organization limits privileges to change software resident within software libraries.
Limit Library Privileges