GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/audio*'

Information

Audio and video devices that are globally accessible have proven to be another security hazard. There is software that can activate system microphones and video devices connected to user workstations and/or X terminals. Once the microphone has been activated, it is possible to eavesdrop on otherwise private conversations without the victim being aware of it. This action effectively changes the user's microphone into a bugging device.

Solution

Change the mode of audio devices.
# chmod 0660 <audio device>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-6, 800-53|SC-4, CAT|II, CCI|CCI-000225, CCI|CCI-001090, Rule-ID|SV-218360r603259_rule, STIG-ID|GEN002320, STIG-Legacy|SV-63247, STIG-Legacy|V-1048, Vuln-ID|V-218360

Plugin: Unix

Control ID: fcad33f32f7d2a362974563021434dfed00867f0e0a450a28690e14df91bfa90