10.3 Restrict access to power management functions - CPRCHANGEPERM

Information

The settings in /etc/default/power control which users have access to the configuration settings for the system power management and checkpoint and resume features. By setting both values to -, configuration changes are restricted to only the root user.

Solution

Perform the following to implement the recommended state:
# cd /etc/default
# awk '/^PMCHANGEPERM=/ { $1 = "PMCHANGEPERM=-" }
/^CPRCHANGEPERM=/ { $1 = "CPRCHANGEPERM=-" }
{ print }' power >power.new
# mv power.new power
# pkgchk -f -n -p /etc/default/power

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(1)

Plugin: Unix

Control ID: 9a67d9f90cb74467b54807d668be5d5726f4f7067e9f782033260b036d041d48