GEN002320 - Audio devices must have mode 0660 or less permissive - /dev/sound/*

Information

Globally accessible audio and video devices have proven to be security hazards. There is software that can activate system microphones and video devices connected to user workstations and/or X terminals. Once the microphone has been activated, it is possible to eavesdrop on otherwise private conversations without the victim being aware of it. This action effectively changes the user's microphone to a bugging device.

Solution

Change the mode of the audio device.
# chmod -R 0660 /dev/audio

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4), CAT|II, CCI|CCI-002165, Rule-ID|SV-227701r854483_rule, STIG-ID|GEN002320, STIG-Legacy|SV-27241, STIG-Legacy|V-1048, Vuln-ID|V-227701

Plugin: Unix

Control ID: 5441c4585a374df05c400e22b68eaf96755acb670e9cceecb5dd8ae98d93db25