6.4 Ensure system device files are labeled - unlabeled_t

Information

The operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.

Rationale:

If an unauthorized or modified device is allowed to exist on the system, there is the possibility the system may perform unintended or unauthorized operations.

Solution

Run the following command to determine which package owns the device file:

# rpm -qf <filename>

The package can be reinstalled from a yum repository using the command:

# sudo yum reinstall <packagename>

Alternatively, the package can be reinstalled from trusted media using the command:

# sudo rpm -Uvh <packagename>

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72039

Rule ID: SV-86663r2_rule

STIG ID: RHEL-07-020900

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(3)

Plugin: Unix

Control ID: 703958cf56e081523aabc82a2f51e0940e36667bfcd44a2fc9f09891892c8eb5