Check: GEN001220
SUSE Linux Enterprise Server v11 for System z STIG:
GEN001220
(in versions v1 r12 through v1 r9)
Title
All system files, programs, and directories must be owned by a system account. (Cat II impact)
Discussion
Restricting permissions will protect the files from unauthorized modification.
Check Content
Check the ownership of system files, programs, and directories. Procedure: # ls -lLa /etc /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin If any of the system files, programs, or directories are not owned by a system account, this is a finding.
Fix Text
Change the owner of system files, programs, and directories to a system account. Procedure: # chown root /some/system/file (A different system user may be used in place of root.)
Additional Identifiers
Rule ID: SV-44941r1_rule
Vulnerability ID: V-795
Group Title: GEN001220
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001499 |
The organization limits privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5 (6) |
Limit Library Privileges |