InformationThe operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values
Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.
Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000278-GPOS-00108
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionRun the following command to determine which package owns the file:
# rpm -qf <filename>
Reset the user and group ownership of files within a package with the following command:
# rpm --setugids <packagename>
Reset the permissions of files within a package with the following command:
# rpm --setperms <packagename>
Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
References: 800-53|AC-3(4), 800-53|AC-6(10), 800-53|AU-9, 800-53|AU-9(3), CCI|CCI-001494, CCI|CCI-001496, CCI|CCI-002165, CCI|CCI-002235, Rule-ID|SV-204392r646841_rule, STIG-ID|RHEL-07-010010
Control ID: d003763aefc5b61dfd9917ed993552a5619d295472d25b3e0669ab0fb30a5b21