The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.

An XCCDF Rule

Description

<VulnDiscussion>Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default. Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000278-GPOS-00108</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-204392r880752_rule
Severity: High
References: CCI-001494 CCI-001496 CCI-002165 CCI-002235
Updated: 8 months ago

Run the following command to determine which package owns the file:

     # rpm -qf <filename>

Reset the user and group ownership of files within a package with the following command:
     # rpm --setugids <packagename>


Reset the permissions of files within a package with the following command:

     # rpm --setperms <packagename>

The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.

Description

Remediation - Manual Procedure