An XCCDF Group - A logical subset of the XCCDF Benchmark
$ sudo chmod +t DIR
/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
root
$ sudo chgrp root DIR
$ sudo chown root DIR
$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)
$ sudo find MOUNTPOINT -xdev -nogroup 2>/dev/null
$ sudo find MOUNTPOINT -xdev -nouser 2>/dev/null
passwd
shadow
group
gshadow
/etc/security/opasswd
$ sudo chown root /etc/security/opasswd
$ sudo chgrp root /etc/security/opasswd
$ sudo chmod 0600 /etc/security/opasswd
/lib /lib64 /usr/lib /usr/lib64
/lib/modules
$ sudo chmod go-w DIR
$ sudo chgrp root FILE
/bin /sbin /usr/bin /usr/libexec /usr/local/bin /usr/local/sbin /usr/sbin
$ sudo chown root FILE
$ sudo chmod go-w FILE