Detections
Analytics
RHEL-09-232015 - RHEL 9 library directories must have mode 755 or less permissive.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.This requirement applies to RHEL 9 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges.
Solution
Configure the system-wide shared library directories (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access.Run the following command, replacing '[DIRECTORY]' with any library directory with a mode more permissive than 755.
$ sudo chmod 755 [DIRECTORY]
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/U_RHEL_9_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 9 STIG v1r1
References: CAT|II, CCI|CCI-001499, Rule-ID|SV-257883r925636_rule, STIG-ID|RHEL-09-232015, Vuln-ID|V-257883
Plugin: Unix
Control ID: 622f20b5483d1871f30f20e1b003c947a861b60294998dfa1bae9bdf7f512fa0