Ensure All Files Are Owned by a User

An XCCDF Rule

Description

If any files are not owned by a user, then the cause of their lack of ownership should be investigated. Following this, the files should be deleted or assigned to an appropriate user. Locate the mount points related to local devices by the following command:

$ findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)

For all mount points listed by the previous command, it is necessary to search for files which do not belong to a valid user using the following command:

$ sudo find MOUNTPOINT -xdev -nouser 2>/dev/null

warning alert: Functionality Warning

For this rule to evaluate centralized user accounts, getent must be working properly so that running the command

getent passwd

returns a list of all users in your organization. If using the System Security Services Daemon (SSSD),

enumerate = true

must be configured in your organization's domain to return a complete list of users

warning alert: Warning

This rule can take a long time to perform the check and might consume a considerable amount of resources depending on the number of files present on the system. It is not a problem in most cases, but especially systems with a large number of files can be affected. See https://access.redhat.com/articles/6999111.

Rationale

Unowned files do not directly imply a security problem, but they are generally a sign that something is amiss. They may be caused by an intruder, by incorrect software installation or draft software removal, or by failure to remove all files belonging to a deleted account, or other similar cases. The files should be repaired so they will not cause problems when accounts are created in the future, and the cause should be discovered and addressed.

ID: xccdf_org.ssgproject.content_rule_no_files_unowned_by_user
Severity: Medium
References: BP28(R55)

11 12 13 14 15 16 18 3 5 9

APO01.06 BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS05.02 DSS05.04 DSS05.05 DSS05.07 DSS06.02 DSS06.03 DSS06.06

CCI-000366 CCI-002165

4.3.3.2.2 4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 5.2 SR 7.6

A.10.1.1 A.11.1.4 A.11.1.5 A.11.2.1 A.12.1.2 A.12.5.1 A.12.6.2 A.13.1.1 A.13.1.3 A.13.2.1 A.13.2.3 A.13.2.4 A.14.1.2 A.14.1.3 A.14.2.2 A.14.2.3 A.14.2.4 A.6.1.2 A.7.1.1 A.7.1.2 A.7.3.1 A.8.2.2 A.8.2.3 A.9.1.1 A.9.1.2 A.9.2.1 A.9.2.3 A.9.4.1 A.9.4.4 A.9.4.5

AC-6(1) CM-6(a)

PR.AC-4 PR.AC-6 PR.DS-5 PR.IP-1 PR.PT-3

2.2.6

SRG-OS-000480-GPOS-00227

SV-204463r853897_rule

6.1.12
Updated: 8 months ago