3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid)

Information

When a user or group identifier is removed from the system verify that any data associated with the ID removed is either removed or re-assigned.

Rationale:

Worst case: a previously removed UID/GID is re-instated. Data left behind is suddenly owned by and/or accessible to the new ID, which gains unintended access to the orphaned data.

Solution

Review the currently mounted local filesystems:

find / \( -fstype jfs -o -fstype jfs2 \) \( -type d -o -type f \) \( -nouser -o -nogroup \) -ls

Either assign UID/GID:

chown <owner> <file>
chgrp <group> <file>

or remove the file/directory:

[[ -f <file> ]] && rm -f <file>
[[ -d <file> ]] && rmdir <file>

Repeat the audit.
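The audit and review steps above, as an added shell example that is not part of the benchmark text. It runs the same find over the jfs/jfs2 filesystems and then parses the "find -ls" output, where an owner or group column that is a bare number marks an ID that no longer resolves; the names FSTYPES, audit_unowned, report_unowned and fix_cmds are chosen here, and the fallback principal passed to fix_cmds is an assumption for the site's own policy.

```shell
# Added example, not part of the CIS benchmark text. Audits jfs/jfs2
# filesystems for files and directories whose UID or GID no longer maps
# to a user or group, then turns the "find -ls" output into a review list.
# FSTYPES, audit_unowned, report_unowned and fix_cmds are names chosen here.

FSTYPES="${FSTYPES:-jfs jfs2}"   # AIX local filesystem types from the benchmark

# Run the benchmark's audit under $1 (default /). The parentheses are
# escaped so the shell passes them to find rather than starting a subshell.
audit_unowned() {
    root="${1:-/}"
    clause=""
    for t in $FSTYPES; do
        clause="$clause${clause:+ -o }-fstype $t"
    done
    # $clause is deliberately unquoted so it expands to separate arguments
    find "$root" \( $clause \) \( -type d -o -type f \) \( -nouser -o -nogroup \) -ls
}

# Read "find -ls" lines on stdin; print path, owner, group and which of the
# two is orphaned, tab-separated. "find -ls" shows a bare number in the owner
# or group column when no name resolves, i.e. the ID was removed while the
# data stayed behind. Columns 1-10 are inode, blocks, mode, links, owner,
# group, size and the three date fields; the path starts at column 11.
report_unowned() {
    awk '{
        owner = $5; group = $6
        path = $11; for (i = 12; i <= NF; i++) path = path " " $i  # keep spaces
        ou = (owner ~ /^[0-9]+$/); og = (group ~ /^[0-9]+$/)
        if (!ou && !og) next                      # both resolve: nothing to do
        what = (ou && og) ? "owner+group" : (ou ? "owner" : "group")
        printf "%s\t%s\t%s\t%s\n", path, owner, group, what
    }'
}

# Turn report lines (stdin) into chown/chgrp commands that re-assign only
# the orphaned side to the fallback user ($1) and group ($2). The commands
# are printed for review, not executed, matching the benchmark's
# "either assign or remove" step; files to be deleted are handled by hand.
fix_cmds() {
    fb_user="$1"; fb_group="$2"
    awk -F '\t' -v u="$fb_user" -v g="$fb_group" '{
        if ($4 ~ /owner/) printf "chown %s \"%s\"\n", u, $1
        if ($4 ~ /group/) printf "chgrp %s \"%s\"\n", g, $1
    }'
}
```

Typical use is `audit_unowned / | report_unowned | fix_cmds <owner> <group>`, then inspecting the printed commands before running any of them and repeating the audit afterwards.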

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6

Plugin: Unix

Control ID: 40ab7f81dd7159b79fc35f7a16486b69ad15d0b3f20ea6d971582a17e7ffb0d4