GEN001290 - All manual page files must not have extended ACLs - '/usr/share/info'

Information

If manual pages are compromised, misleading information could be inserted, causing actions to compromise the system.

Solution

Remove the extended ACL from the file.
# setfacl --remove-all /usr/share/man/* /usr/share/info/* /usr/share/infopage/*

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|III, CCI|CCI-000225, Group-ID|V-22316, Rule-ID|SV-37238r2_rule, STIG-ID|GEN001290, Vuln-ID|V-22316

Plugin: Unix

Control ID: f6d16ee7656416f66bab8c5e762b2802d035af2591daf6f5a570cde56053028e