Check: GEN001220
VMware ESX 3 Server:
GEN001220
(in version v1 r2)
Title
All system files, programs, and directories must be owned by a system account. (Cat II impact)
Discussion
Restricting permissions will protect the files from unauthorized modification.
Check Content
Check the ownership of system files, programs, and directories. Procedure: # ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin If any of the system files, programs, or directories are not owned by a system account, this is a finding.
Fix Text
Change the owner of system files, programs, and directories to a system account. Procedure: # chown root /some/system/file (A different system user may be used in place of root.)
Additional Identifiers
Rule ID: SV-795r2_rule
Vulnerability ID: V-795
Group Title: GEN001220
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001499 |
The organization limits privileges to change software resident within software libraries. |
Controls
Number | Title |
---|---|
CM-5 (6) |
Limit Library Privileges |