Check: OL6-00-000048
Oracle Linux 6 STIG: OL6-00-000048 (in versions v2 r7 through v1 r12)
Title
All system command files must be owned by root. (Cat II impact)
Discussion
System binaries are executed by privileged users as well as system services, and restrictive permissions are necessary to ensure that their execution of these programs cannot be co-opted.
Check Content
System executables are stored in the following directories by default:

/bin
/usr/bin
/usr/local/bin
/sbin
/usr/sbin
/usr/local/sbin

To find system executables that are not owned by "root", run the following command for each directory [DIR] which contains system executables:

$ find -L [DIR] \! -user root

If any system executables are found to not be owned by root, this is a finding.
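An added example, not part of the STIG text: a POSIX shell helper that runs the check above over the six default directories, skips any that do not exist, and returns a non-zero status on a finding. The function names, the `--system` switch and the `EXPECTED_OWNER` override are assumptions made for this example; the STIG itself only ever requires root.

```shell
#!/bin/sh
# Added example: audit helper for OL6-00-000048 (not STIG-provided code).
# EXPECTED_OWNER is a hypothetical override so the logic can be exercised
# on a scratch tree; the STIG requirement is always "root".
EXPECTED_OWNER="${EXPECTED_OWNER:-root}"

# Default system executable directories listed in the check content.
SYSTEM_DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin"

# Print each path under the given directories whose owner differs from
# EXPECTED_OWNER. -L makes find test the target of a symlink, as the STIG
# command does. Directories that do not exist are skipped.
list_findings() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -L "$dir" \! -user "$EXPECTED_OWNER" -print
    done
}

# Count findings by emitting one byte per match, so file names containing
# newlines cannot inflate the total.
count_findings() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -L "$dir" \! -user "$EXPECTED_OWNER" -exec printf . \;
    done | wc -c | tr -d '[:space:]'
}

# Report the result; return 0 when compliant, 1 when there is a finding.
audit() {
    n=$(count_findings "$@")
    if [ "$n" -eq 0 ]; then
        echo "PASS: every path is owned by $EXPECTED_OWNER"
        return 0
    fi
    echo "FINDING: $n path(s) not owned by $EXPECTED_OWNER:"
    list_findings "$@"
    return 1
}

# Run with --system to audit the default directories, or pass explicit
# directories as arguments. With no arguments only the functions are defined.
case "${1:-}" in
    "") ;;
    --system) audit $SYSTEM_DIRS ;;
    *) audit "$@" ;;
esac
```

The exit status makes the helper usable from cron or a configuration-management run; errors from `find` (for example unreadable subdirectories) are left on stderr so they are not mistaken for a clean result.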
Fix Text
System executables are stored in the following directories by default:

/bin
/usr/bin
/usr/local/bin
/sbin
/usr/sbin
/usr/local/sbin

If any file [FILE] in these directories is found to be owned by a user other than root, correct its ownership with the following command:

# chown root [FILE]
Additional Identifiers
Rule ID: SV-208825r793610_rule
Vulnerability ID: V-208825
Group Title: SRG-OS-000259
CCIs
Number | Definition |
---|---|
CCI-001499 | The organization limits privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5 (6) | Limit Library Privileges |