Verify Permissions On /etc/ipsec.d Directory
An XCCDF Rule
Description
To properly set the permissions of /etc/ipsec.d, run the command:
$ sudo chmod 0700 /etc/ipsec.d
Rationale
Setting correct permissions on the /etc/ipsec.d directory is important because this directory hosts Libreswan configuration. Protection of this directory is critical for system security. Restricting the permissions ensures exclusive control of the Libreswan configuration.
- ID
- xccdf_org.ssgproject.content_rule_directory_permissions_etc_ipsecd
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86305-0
- configure_strategy
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
find -H /etc/ipsec.d/ -maxdepth 1 -perm /u+s,g+xwrs,o+xwrt -type d -exec chmod u-s,g-xwrs,o-xwrt {} \;
else