Description
All directories in local partitions which are
world-writable should be group owned by root or another
system account. If any world-writable directories are not
group owned by a system account, this should be investigated.
Following this, the files should be deleted or assigned to an
appropriate group.
Rationale
Allowing a user account to group own a world-writable directory is
undesirable because it allows the owner of that directory to remove
or replace any files that may be placed in the directory by other
users.
- ID
xccdf_org.ssgproject.content_rule_dir_perms_world_writable_system_owned_group
- References
CSC: Critical Security Controls
COBIT®: Control Objectives for Information and Related Technologies
CCI: Control Correlation Identifier
ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels
NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations
Framework for Improving Critical Infrastructure Cybersecurity
GPOS SRG: General Purpose Operating System Security Requirements Guide
STIG: Security Technical Implementation Guides for UNIX/Linux Operating Systems
CCE: Common Configuration Enumeration
STIG References, Finding IDs and Rule IDs