GEN000000-LNX00450 - The /etc/security/access.conf file must not have an extended ACL.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

If the access permissions are more permissive than 0640, system security could be compromised.

Solution

Remove the extended ACL from the file.
# setfacl --remove-all /etc/security/access.conf

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R17_STIG.zip

Item Details

Audit Name: DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|II, CCI|CCI-000225, CCI|CCI-000366, Group-ID|V-22595, Rule-ID|SV-26998r1_rule, STIG-ID|GEN000000-LNX00450

Plugin: Unix

Control ID: 19edcf49fede73019b5abf2e59b5136061e629454212bcb7cb89528f3cdb0c24