2.4 Ensure unused symbolic links are removed

Information

This recommendation finds and removes symbolic links whose targets are missing. Symbolic Links that do not have a valid target are a risk to system integrity.

The recommendation is to scan frequently (weekly or daily) for symbolic links without a valid target object and remove them.

Do not assume that anyone responsible for maintaining system integrity is (actively) monitoring unknown software.

Symbolic links pointing at nothing are, by definition, unauthorized and/or belong on a blocklist.

Solution

The following command will remove all symbolic links that lack a valid target object:

find -L / \( -fstype jfs -o -fstype jfs2 \) -type l | xargs rm
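As an added example (not from the benchmark or Tenable), the POSIX shell script below audits before it remediates: it lists dangling links under a given root and removes them only when the remove function is called explicitly. It assumes a scan root argument in place of the benchmark's jfs/jfs2 filesystem filter (so it runs on any Unix) and uses find -exec rather than xargs so link names containing spaces or newlines are handled safely.

```shell
#!/bin/sh
# Added example, not part of the CIS/Tenable benchmark text.
# Assumptions: POSIX sh, find(1) and test(1); ROOT is passed as an argument
# instead of the benchmark's "-fstype jfs -o -fstype jfs2" filter.

# list_dangling_links ROOT
# Prints every symbolic link under ROOT whose target does not exist.
# "test -e" follows the link, so it fails exactly for dangling links;
# -xdev keeps the scan on the starting filesystem, like the -fstype filter.
list_dangling_links() {
    find "$1" -xdev -type l ! -exec test -e {} \; -print
}

# count_dangling_links ROOT
# Prints the number of dangling links under ROOT (handy for reporting/tests).
count_dangling_links() {
    list_dangling_links "$1" | wc -l | tr -d ' '
}

# remove_dangling_links ROOT
# Removes each dangling link via -exec, so odd file names are safe.
remove_dangling_links() {
    find "$1" -xdev -type l ! -exec test -e {} \; -exec rm -f {} \;
}

# Stand-alone demonstration on a constructed directory tree.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    : > "$demo/real.conf"
    ln -s "$demo/real.conf" "$demo/good_link"            # valid link, kept
    ln -s "$demo/removed_pkg/lib.so" "$demo/dangling link" # constructed dangling link
    echo "Before: $(count_dangling_links "$demo") dangling link(s)"
    list_dangling_links "$demo"
    remove_dangling_links "$demo"
    echo "After: $(count_dangling_links "$demo") dangling link(s)"
    rm -rf "$demo"
fi
```

Run with `--demo` to see the audit, removal and re-check on a throwaway directory; point `list_dangling_links` at a real path to get a report without deleting anything.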

Impact:

Symbolic links, used properly, are a tremendous asset, enhancing system usability (ease of use). However, when a link points to nothing (i.e., whatever it pointed at has been removed but not replaced), system integrity is at the mercy of whatever process later replaces that filesystem location.

To reduce risk to system integrity, any symbolic link that points at a non-existent file-system object is to be removed.

Note: most symbolic links that point at no-longer-existent objects exist due to incomplete software removal procedures. When an authorized application is (re-)installed, its installation process will (or should) re-create the symbolic link.

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(2), 800-53|CM-8(3), 800-53|CM-10, 800-53|CM-11, CSCv7|2.6

Plugin: Unix

Control ID: e0220622304b2f89046517464e7e700642738e933700b327e748c1754b70a6b2