GEN001190 - All network services daemon files must not have extended ACLs - /usr/sbin/*

Information

Restricting permission on daemons will protect them from unauthorized modification and possible system compromise.

Solution

Remove the extended ACL(s) from the network service daemon file(s).
#acledit < directory >/< network service daemon >
Disable extended permissions.

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-38685r1_rule, STIG-ID|GEN001190, Vuln-ID|V-22313

Plugin: Unix

Control ID: 3623d26749dea5d58c7393f9d9f9f81de82e67b93e6eeda07824595b1266f67b