GEN002280 - Device files and directories must only be writable by users with a system account or as configured by the vendor.

Information

System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remove the world-writable permission from the device file(s).

Procedure:

# chmod o-w <device file>

Document all changes.
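An added example, not part of the STIG or the Nessus audit: a shell check that lists block and character device files with the other-write bit set, so the `chmod o-w` step can be applied to each finding. The function names and the `ALLOWLIST` of devices treated as vendor-configured are assumptions; adjust the list to the vendor defaults for the system being reviewed.

```shell
#!/bin/sh
# Audit helper for GEN002280: find world-writable device files.

# ASSUMPTION: devices commonly shipped world-writable by the vendor.
# Replace with the list that matches the system's vendor configuration.
ALLOWLIST="${ALLOWLIST:-/dev/null /dev/zero /dev/full /dev/random /dev/urandom /dev/tty /dev/ptmx}"

# list_ww_devices PATH...
# Prints every block (b) or character (c) device under PATH whose
# mode includes write permission for "other" (-perm -0002).
list_ww_devices() {
    find "$@" \( -type b -o -type c \) -perm -0002 -print 2>/dev/null
}

# audit_ww_devices PATH...
# Prints an "ls -ld" line for each world-writable device that is not
# on ALLOWLIST. Returns 0 when there are no findings, 1 otherwise.
audit_ww_devices() {
    findings=$(list_ww_devices "$@" | while IFS= read -r dev; do
        case " $ALLOWLIST " in
            *" $dev "*) ;;          # treated as vendor-configured, skip
            *) ls -ld "$dev" ;;     # finding: show owner, group and mode
        esac
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical use, run as root so every directory can be read:
#   audit_ww_devices /dev
# For each reported file, apply the documented fix and re-run:
#   chmod o-w <device file>
```
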

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-6, 800-53|SC-4, CAT|II, CCI|CCI-000225, CCI|CCI-001090, Rule-ID|SV-218358r603259_rule, STIG-ID|GEN002280, STIG-Legacy|SV-63229, STIG-Legacy|V-924, Vuln-ID|V-218358

Plugin: Unix

Control ID: 8a08d38e0a5e117e4fa362b0b8ed670d3bd5260a0881ca17a39fdd7943a62040