RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.

Information

Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.

Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000278-GPOS-00108

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Run the following command to determine which package owns the file:

# rpm -qf <filename>

Reset the user and group ownership of files within a package with the following command:

# rpm --setugids <packagename>


Reset the permissions of files within a package with the following command:

# rpm --setperms <packagename>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_7_V3R15_STIG.zip

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-3(4), 800-53|AC-6(10), 800-53|AU-9, 800-53|AU-9(3), CAT|I, CCI|CCI-001494, CCI|CCI-001496, CCI|CCI-002165, CCI|CCI-002235, Rule-ID|SV-204392r991558_rule, STIG-ID|RHEL-07-010010, STIG-Legacy|SV-86473, STIG-Legacy|V-71849, Vuln-ID|V-204392

Plugin: Unix

Control ID: 008420304e6a8144318c696b760a5aba731c67f64c92362d3e09a6abb5e1f846