GEN002330 - Audio devices must not have extended ACLs - '/dev/audio*'

Information

File system ACLs can provide access to files beyond what is allowed by the mode numbers of the files.

Solution

Remove the extended ACL from the file.
# setfacl --remove-all [device file]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-6, 800-53|SC-4, CAT|II, CCI|CCI-000225, CCI|CCI-001090, Rule-ID|SV-218361r603259_rule, STIG-ID|GEN002330, STIG-Legacy|SV-63293, STIG-Legacy|V-22367, Vuln-ID|V-218361

Plugin: Unix

Control ID: 5df3c8748e0f55d6790036b24955025f3e1d1ec42c1cdb0fbf89895c266f6dca