RHEL-09-232015 - RHEL 9 library directories must have mode 755 or less permissive.

Information

If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.

This requirement applies to RHEL 9 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges.

Solution

Configure the system-wide shared library directories (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access.

Run the following command, replacing '[DIRECTORY]' with any library directory with a mode more permissive than 755.

$ sudo chmod 755 [DIRECTORY]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Rule-ID|SV-257883r991560_rule, STIG-ID|RHEL-09-232015, Vuln-ID|V-257883

Plugin: Unix

Control ID: 81f217bca90e9f6001ef2ed02ccf9567723c8d2edef20d1e08908d3d358f9723