Verify that System Executable Have Root Ownership
An XCCDF Rule
Description
/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbinAll these directories should be owned by the
root user.
If any directory DIR in these directories is found
to be owned by a user other than root, correct its ownership with the
following command:
$ sudo chown root DIR
Rationale
System binaries are executed by privileged users as well as system services, and restrictive permissions are necessary to ensure that their execution of these programs cannot be co-opted.
- ID
- xccdf_org.ssgproject.content_rule_dir_ownership_binary_dirs
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Ensure owner on directory /bin/ recursively
file:
path: /bin/
state: directory
recurse: true
owner: '0'
Remediation - Shell Script
find -H /bin/ -type d -exec chown 0 {} \;
find -H /sbin/ -type d -exec chown 0 {} \;
find -H /usr/bin/ -type d -exec chown 0 {} \;
find -H /usr/sbin/ -type d -exec chown 0 {} \;
find -H /usr/local/bin/ -type d -exec chown 0 {} \;
find -H /usr/local/sbin/ -type d -exec chown 0 {} \;