Verify Group Who Owns System.map Files

An XCCDF Rule

Description

The System.map files are symbol map files generated during the compilation of the Linux kernel. They contain the mapping between kernel symbols and their corresponding memory addresses. These files must be group-owned by root. To properly set the group owner of /boot/System.map*, run the command:

$ sudo chgrp root /boot/System.map*

Rationale

System.map files exist primarily for debugging and profiling the kernel. Unrestricted access to them might disclose information useful to attackers and malicious software, leading to more sophisticated exploitation.

ID: xccdf_org.ssgproject.content_rule_file_groupowner_systemmap
Severity: Low

Remediation - Ansible

- name: Find /boot/ file(s) matching ^.*System\.map.*$
  command: find -H /boot/ -maxdepth 1 -type f ! -group root -regextype posix-extended
    -regex "^.*System\.map.*$"
  register: files_found
  changed_when: false
  failed_when: false

Remediation - Shell Script


find -L /boot/ -maxdepth 1 -type f ! -group root -regextype posix-extended -regex '^.*System\.map.*$' -exec chgrp -L root {} \;
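
A read-only audit to run before or after the remediation above, reporting which System.map files are not group-owned by root. This is an added example, not part of the rule's own content; the function name `audit_systemmap_group` and its optional directory and group arguments are assumptions made here so the check can also be pointed at a test directory. It relies on `stat -c` as provided on Linux.

```shell
#!/bin/sh
# Added example (not SSG project code): report System.map* files in a
# directory whose group owner differs from the expected group.
# Nothing is modified; use the remediation to fix what this reports.
#
# Usage: audit_systemmap_group [DIR] [GROUP]    defaults: /boot, root
# Returns 0 if every matching file is compliant (or none exist),
#         1 if at least one file has a different group owner,
#         2 if a file could not be inspected.
audit_systemmap_group() {
    dir=${1:-/boot}
    want=${2:-root}
    rc=0
    # Both patterns together cover any name containing "System.map",
    # including dotfiles, like the remediation's regex at -maxdepth 1.
    for f in "$dir"/*System.map* "$dir"/.*System.map*; do
        # An unmatched glob stays literal and fails this test. -f follows
        # symlinks, matching "find -L ... -type f" in the remediation.
        [ -f "$f" ] || continue
        # %G is the group name of the link target (-L), as chgrp would see it.
        got=$(stat -L -c '%G' "$f") || { rc=2; continue; }
        if [ "$got" != "$want" ]; then
            printf 'FAIL %s group=%s expected=%s\n' "$f" "$got" "$want"
            # Keep the more severe code if an earlier file was unreadable.
            [ "$rc" -eq 0 ] && rc=1
        fi
    done
    return "$rc"
}
```

Called with no arguments it checks /boot against root; a non-zero return with `FAIL` lines identifies the files the `chgrp` remediation would change.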