Detections
Analytics

1.109 RHEL-09-232015

Information

RHEL 9 library directories must have mode 755 or less permissive.

GROUP ID: V-257883
RULE ID: SV-257883r991560

If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.

This requirement applies to RHEL 9 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges.

Solution

Configure the system-wide shared library directories (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access.

Run the following command, replacing "[DIRECTORY]" with any library directory with a mode more permissive than 755.

$ sudo chmod 755 [DIRECTORY]

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5, 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Rule-ID|SV-257883r991560_rule, STIG-ID|RHEL-09-232015, Vuln-ID|V-257883

Plugin: Unix

Control ID: 29af1af3b1d354c079348d529d1a6a139b8661d8cec04dd5ef31cb0da6f35759