5.1.3 Check System folder for world writable files

Information

Software sometimes insists on being installed in the /System Directory and have inappropriate world writable permissions.

Rationale:

Folders in /System should not be world writable. The audit check excludes the 'Drop Box' folder that is part of Apple's default user template.

Solution

Change permissions so that 'Others' can only execute. (Example Below)

sudo chmod -R o-w /Bad/Directory

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: ae4f86be74ee49759361765e6323f9e962213bc3baa0a0cbe7aa02e42f130b9e