Verify User Who Owns System.map Files

An XCCDF Rule

Description

The System.map files are symbol map files generated during the compilation of the Linux kernel. They contain the mapping between kernel symbols and their corresponding memory addresses. These files must be owned by root. To properly set the owner of /boot/System.map*, run the command:

$ sudo chown root /boot/System.map* 

Rationale

The purpose of System.map files is primarily debugging and profiling of the kernel. Unrestricted access to these files might disclose kernel symbol-to-address information that is useful to attackers and malicious software, enabling more sophisticated exploitation.

ID
xccdf_org.ssgproject.content_rule_file_owner_systemmap
Severity
Low

Remediation - Ansible

- name: Find /boot/ file(s) matching ^.*System\.map.*$
  command: find -H /boot/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex "^.*System\.map.*$"
  register: files_found
  changed_when: false
  failed_when: false

# Completion of the play fragment: the find task above only collects paths, so this task applies the owner
- name: Set root (uid 0) as owner of /boot/ file(s) matching ^.*System\.map.*$
  file:
    path: "{{ item }}"
    owner: "0"
  with_items: "{{ files_found.stdout_lines }}"

Remediation - Shell Script


# Find regular files directly under /boot whose name contains System.map and that are not owned by uid 0, then chown them to root
find -L /boot/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*System\.map.*$' -exec chown -L 0 {} \;
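The page gives only the remediations. As an added example that is not part of the SSG rule content, the following POSIX shell function performs the matching audit: it reports the owner uid and path of every file directly under a directory whose name contains System.map and that is not owned by the expected uid, and returns non-zero when any such file exists. The directory and expected uid are parameters (an assumption of this example, so the check can be exercised on a scratch directory without root); the production call is audit_systemmap_owner /boot 0. The find invocation mirrors the Ansible task above (-H, -maxdepth 1, the same posix-extended regex).

```shell
#!/bin/sh
# Added audit helper (not part of the SSG rule): report System.map files
# directly under DIR that are not owned by WANT_UID.
# Output: one "<owner uid> <path>" line per non-compliant file.
# Return: 0 when every matching file is owned by WANT_UID, 1 otherwise.
# Usage in production: audit_systemmap_owner /boot 0
audit_systemmap_owner() {
    dir="$1"
    want_uid="${2:-0}"
    # -H follows a symlink only when given on the command line, as in the
    # Ansible task; -maxdepth 1 restricts the search to the directory itself.
    # -regextype must precede -regex for GNU find to honour it.
    found=$(find -H "$dir" -maxdepth 1 -type f \
                 -regextype posix-extended -regex '^.*System\.map.*$' \
                 ! -uid "$want_uid" -printf '%U %p\n' 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Number of non-compliant files, for callers that want a count rather
# than a listing (awk's END block prints 0 when nothing was reported).
count_noncompliant_systemmap() {
    audit_systemmap_owner "$1" "${2:-0}" | awk 'END { print NR }'
}
```

Run the listing form from a compliance check or a cron job and treat a non-zero return as a finding; the two functions are split so that a scanner can log the offending owner and path while a dashboard consumes only the count.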