3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid)

Information

When a user or group identifier is removed from the system verify that any data associated with the ID removed is either removed or re-assigned.

Rationale:

Worst case: a previously removed UID/GID is re-instated. Data left behind suddenly is owned and/or accessible to the new ID - gaining unintended access to data left-behind.

Solution

Review the currently mounted local filesystems:

find / ( -fstype jfs -o -fstype jfs2 ) ( -type d -o -type f ) ( -nouser -o -nogroup ) -ls

Either assign UID/GID:

chown <owner> <file>
chgrp <group> <file>

or remove the file/directory:

[[ -f <file> ]] && rm -f <file>
[[ -d <file> ]] && rmdir <file>

Repeat the audit

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/7851

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6

Plugin: Unix

Control ID: 9da73ff6108b141ad464ddbaff608b45f62a5b50618513bca5868453cbba330d