Check: PHTN-67-000120
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000120
(in versions v1 r6 through v1 r1)
Title
The Photon operating system must protect all sysctl configuration files from unauthorized access. (Cat II impact)
Discussion
The sysctl configuration file specifies values for kernel parameters to be set on boot. Incorrect or malicious configuration of these parameters can have a negative effect on system security.
Check Content
At the command line, execute the following command:

# find /etc/sysctl.conf /etc/sysctl.d/* -xdev -type f -a '(' -not -perm 600 -o -not -user root -o -not -group root ')' -exec ls -ld {} \;

If any files are returned, this is a finding.
Fix Text
At the command line, execute the following commands for each returned file:

# chmod 600 <file>
# chown root:root <file>
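
The check and fix above combined into reusable shell functions, as an added example that is not part of the STIG text. It generalizes slightly by passing the `/etc/sysctl.d` directory itself rather than the `/etc/sysctl.d/*` glob, so hidden and nested files are covered and an empty directory is not an error. The `SYSCTL_OWNER` and `SYSCTL_GROUP` variables are hypothetical overrides that default to root.

```shell
#!/bin/sh
# Added example (not STIG text). SYSCTL_OWNER and SYSCTL_GROUP are hypothetical
# overrides, defaulting to root, so the functions can run on a scratch copy.

# List regular files that are not mode 600 or not owned by the expected
# user and group. "!" is the POSIX spelling of find's -not.
audit_sysctl_perms() {
    find "$@" -xdev -type f -a '(' ! -perm 600 \
        -o ! -user "${SYSCTL_OWNER:-root}" \
        -o ! -group "${SYSCTL_GROUP:-root}" ')' -print
}

# Return 0 when compliant; otherwise report each finding on stderr and return 1.
check_sysctl_perms() {
    findings=$(audit_sysctl_perms "$@")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sed 's/^/FINDING: /' >&2
    return 1
}

# Apply the Fix Text to every finding, then re-run the check to confirm.
# Reads one path per line, so file names containing newlines are not handled.
fix_sysctl_perms() {
    audit_sysctl_perms "$@" | while IFS= read -r f; do
        chmod 600 "$f" &&
            chown "${SYSCTL_OWNER:-root}:${SYSCTL_GROUP:-root}" "$f"
    done
    check_sysctl_perms "$@"
}

# Usage on a Photon OS host, as root:
#   check_sysctl_perms /etc/sysctl.conf /etc/sysctl.d ||
#       fix_sysctl_perms /etc/sysctl.conf /etc/sysctl.d
```
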
Additional Identifiers
Rule ID: SV-239191r675381_rule
Vulnerability ID: V-239191
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |