9.24 Find Files and Directories with Extended Attributes

Information

Extended attributes are implemented as files in a "shadow" file system that is not generally
visible via normal administration commands without special arguments.

Rationale:

Attackers or malicious users could "hide" information, exploits, etc. in extended attribute
areas. Since extended attributes are rarely used, it is important to find files with extended
attributes set.

Solution

Correct or justify any items discovered in the Audit step. Determine the existence of any
files having extended file attributes, and determine the best course of action in accordance
with site policy. Note that the Solaris OS does not ship with files that have extended
attributes.
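
The audit and the "correct or justify" step, as an added example that is not part of the benchmark text: the script scans local file systems with the Solaris find(1) `-xattr` primary and reports only findings missing from a site-approved list. The function names, the `APPROVED_LIST` variable and the set of pruned file system types are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not CIS benchmark code. Function names and the approved-list
# file are hypothetical; -xattr and runat(1) are Solaris-specific.

# Print local files and directories that carry extended attributes.
# Remote and pseudo file systems are pruned so the scan stays on local disks.
scan_xattr() {
    find "${1:-/}" \( -fstype nfs -o -fstype cachefs -o -fstype autofs \
        -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \) \
        -prune -o -xattr -print 2>/dev/null
}

# List the attribute files in one finding's shadow attribute directory.
inspect_xattr() {
    runat "$1" ls -l
}

# Read findings (one path per line) on stdin; print those absent from the
# approved list ($1). Matching is whole-line and literal, so an approved
# /opt/app does not also approve /opt/app/hidden.
triage_xattr() {
    approved=$1
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if ! grep -Fxq -- "$path" "$approved"; then
            printf '%s\n' "$path"
        fi
    done
}

# Run the audit only on Solaris and only when an approved list is supplied.
if [ "$(uname -s)" = "SunOS" ] && [ -r "${APPROVED_LIST:-}" ]; then
    scan_xattr / | triage_xattr "$APPROVED_LIST"
fi
```

Each path the script prints is an unjustified finding; `inspect_xattr` shows what is stored in its attribute directory before deciding whether to remove it or add the path to the approved list.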

See Also

https://workbench.cisecurity.org/files/2582