Navigate

Check: GEN001240

SUSE Linux Enterprise Server v11 for System z STIG: GEN001240 (in versions v1 r12 through v1 r9)

Title

System files, programs, and directories must be group-owned by a system group. (Cat II impact)

Discussion

Restricting permissions will protect the files from unauthorized modification.

Check Content

Check the group-ownership of system files, programs, and directories. Procedure: # ls –lLa /etc /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin If any system file, program, or directory is not owned by a system group, this is a finding.

Fix Text

Change the group-owner of system files to a system group. Procedure: # chgrp root /path/to/system/file (System groups other than root may be used.)

Additional Identifiers

Rule ID: SV-44944r1_rule

Vulnerability ID: V-796

Group Title: GEN001240

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001499	The organization limits privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-5 (6)	Limit Library Privileges