1.6.1.10 Ensure system device files are labeled - unlabeled_t

Information

The operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.

Rationale:

If an unauthorized or modified device is allowed to exist on the system, there is the possibility the system may perform unintended or unauthorized operations.

Solution

Run the following command to determine which package owns the device file:

# rpm -qf <filename>

The package can be reinstalled from a yum repository using the command:

# sudo yum reinstall <packagename>

Alternatively, the package can be reinstalled from trusted media using the command:

# sudo rpm -Uvh <packagename>

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-3f., 800-53|CM-5(1), 800-53|CM-6c., 800-53|CM-11(2), CCI|CCI-000318, CCI|CCI-000368, CCI|CCI-001812, CCI|CCI-001813, CCI|CCI-001814, CSCv7|14.6, Rule-ID|SV-204479r603261_rule, STIG-ID|RHEL-07-020900

Plugin: Unix

Control ID: 9d35b78b543a3c5704ddc0786cd7e1cbae04b0d729009d36f69bacfec662423a