6.1.1 Audit system file permissions

Information

The Debian package manager has a number of useful options. One of these, the --verify option, can be used to verify that system packages are correctly installed. The --verify option can be used to verify a particular package or to verify all system packages. If no output is returned, the package is installed correctly. The following table describes the meaning of output from the verify option: Code MeaningS File size differs.M File mode differs (includes permissions and file type).5 The MD5 checksum differs.D The major and minor version numbers differ on a device file.L A mismatch occurs in a link.U The file ownership differs.G The file group owner differs.T The file time (mtime) differs. The dpkg -S command can be used to determine which package a particular file belongs to. For example the following commands determines which package the /bin/bash file belongs to: # dpkg -S /bin/bashbash: /bin/bash To verify the settings for the package that controls the /bin/bash file, run the following: # dpkg --verify bash??5?????? c /etc/bash.bashrc It is important to confirm that packaged system files and directories are maintained with the permissions they were intended to have from the OS vendor.

Note: Nessus has not performed this check, and this item is only provided for informational purposes.

Solution

Correct any discrepancies found and rerun the audit until output is clean or risk is mitigated or accepted.

See Also

https://workbench.cisecurity.org/files/1866

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(4), CSCv6|14.4

Plugin: Unix

Control ID: 6890433c5daf77b971dd3f361b822dca97073a195f34828e3a734ad7aec6f526