RHEL-09-232210 - RHEL 9 library directories must be owned by root.

Information

If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.

This requirement applies to RHEL 9 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges.

Solution

Configure the system-wide shared library directories within (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access.

Run the following command, replacing '[DIRECTORY]' with any library directory not owned by 'root'.

$ sudo chown root [DIRECTORY]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Rule-ID|SV-257922r991560_rule, STIG-ID|RHEL-09-232210, Vuln-ID|V-257922

Plugin: Unix

Control ID: c74b610af03a9b0dd9fab705c67128affa096a2a89a385fa72017fd52c5f2bb6