Check: GEN003920
SUSE Linux Enterprise Server v11 for System z STIG:
GEN003920
(in versions v1 r12 through v1 r9)
Title
The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp. (Cat II impact)
Discussion
Failure to give ownership of the hosts.lpd file to root, bin, sys, or lp provides the designated owner, and possible unauthorized users, with the potential to modify the hosts.lpd file. Unauthorized modifications could disrupt access to local printers from authorized remote hosts or permit unauthorized remote access to local printers.
Check Content
Check the ownership of the print service configuration file. Procedure: # find /etc -name hosts.lpd -print # find /etc -name Systems –print # find /etc –name printers.conf -print If no print service configuration file is found, this is not applicable. Check the ownership of the print service configuration file(s). # ls –lL <print service file> If the owner of the file is not root, this is a finding.
Fix Text
Change the owner of the /etc/hosts.lpd (or equivalent, such as /etc/lp/Systems) to root. Procedure: # chown root <print service file>
Additional Identifiers
Rule ID: SV-45813r1_rule
Vulnerability ID: V-828
Group Title: GEN003920
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |