9.24 Find Files and Directories with Extended Attributes

Information

Extended attributes are implemented as files in a 'shadow' file system that is not generally visible via normal administration commands without special arguments.

Rationale:

Attackers or malicious users could 'hide' information, exploits, etc. in extended attribute areas. Since extended attributes are rarely used, it is important to find files with extended attributes set.

Solution

Correct or justify any items discovered in the Audit step. Determine the existence of any files having extended file attributes, and determine the best course of action in accordance with site policy. Note that the Solaris OS does not ship with files that have extended attributes.
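The sweep described above, as an added example that is not part of the benchmark text: it locates entries with extended attributes and lists what each attribute directory holds, so the findings can be corrected or justified. It assumes the Solaris `find -xattr` primary, `ls -@` and `runat`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the benchmark's audit text. Assumes Solaris userland:
# find(1) -xattr, ls(1) -@ and runat(1); run from a POSIX shell.

# Constructed sample of `ls -l@` output. Solaris appends '@' to the mode
# field of entries that carry extended attributes.
SAMPLE_LS='total 6
-rw-r--r--   1 root     root         120 Jan  5 10:00 passwd.bak
-rw-r--r--@  1 root     root          14 Jan  5 10:02 notes.txt
drwxr-xr-x@  2 root     root         512 Jan  5 10:03 spool dir'

# Read `ls -l@` lines on stdin; print the name of each '@'-marked entry.
xattr_marked() {
    while read -r mode links owner group size mon day tm name; do
        case "$mode" in
            ??????????@) printf '%s\n' "$name" ;;
        esac
    done
}

# Walk one local file system from $1, print each file or directory that has
# extended attributes, then list the contents of its attribute directory.
audit_xattr() {
    find "$1" -xdev -xattr -print | while IFS= read -r f; do
        printf '== %s\n' "$f"
        runat "$f" ls -l </dev/null
    done
}

# Demonstration on the constructed sample; on a Solaris host run as root:
#   audit_xattr /
printf '%s\n' "$SAMPLE_LS" | xattr_marked
```

Because `-xdev` keeps `find` on a single file system, repeat `audit_xattr` for each local mount point that is in scope.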

See Also

https://workbench.cisecurity.org/benchmarks/4777