Verify Permissions on System.map Files
An XCCDF Rule
Description
The System.map files are symbol map files generated during the compilation of the Linux
kernel. They contain the mapping between kernel symbols and their corresponding memory
addresses. In general, there is no need for non-root users to read these files.
To properly set the permissions of /boot/System.map*, run the command:
$ sudo chmod 0600 /boot/System.map*
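To check the current state before changing anything, the following added example (not part of the SSG rule content) lists System.map files that carry any permission bit beyond 0600 and resets only those. The function names and the directory argument are assumptions made for illustration, and it relies on GNU find's `-perm /mode` and `-maxdepth`.

```shell
#!/bin/sh
# Added example: audit and remediate System.map permissions.
# Function names are hypothetical; requires GNU find (-perm /mode, -maxdepth).

# List System.map* files directly under directory $1 (default /boot) that have
# any bit set outside 0600: owner execute, any group or other bit, or
# setuid/setgid/sticky. A stricter mode such as 0400 is not reported.
find_loose_systemmaps() {
    dir=${1:-/boot}
    find "$dir" -maxdepth 1 -type f -name 'System.map*' -perm /7177 -print
}

# Print how many non-compliant files exist, for use in scripts or monitoring.
count_loose_systemmaps() {
    find_loose_systemmaps "${1:-/boot}" | wc -l | tr -d ' '
}

# Apply the mode from the rule (0600) only to files that failed the audit,
# leaving already-compliant files untouched. Needs root when run on /boot.
fix_loose_systemmaps() {
    dir=${1:-/boot}
    find "$dir" -maxdepth 1 -type f -name 'System.map*' -perm /7177 \
        -exec chmod 0600 {} +
}

# Usage: find_loose_systemmaps /boot        (list offenders)
#        fix_loose_systemmaps /boot         (as root, reset them to 0600)
```

Kernel package updates install a new System.map file for each kernel version, so the audit is worth repeating after every kernel upgrade.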
Rationale
The purpose of System.map files is primarily for debugging and profiling the kernel.
Unrestricted access to these files might disclose information useful to attackers and
malicious software leading to more sophisticated exploitation.
- ID: xccdf_org.ssgproject.content_rule_file_permissions_systemmap
- Severity: Low