STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

Library files must have mode 0755 or less permissive.

DISA Rule

SV-208822r603263_rule

Vulnerability Number

V-208822

Group Title

SRG-OS-000259

Rule Version

OL6-00-000045

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:

/lib
/lib64
/usr/lib
/usr/lib64

If any file in these directories is found to be group-writable or world-writable, correct its permission with the following command:

# chmod go-w [FILE]

Check Contents

System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:

/lib
/lib64
/usr/lib
/usr/lib64

Kernel modules, which can be added to the kernel during runtime, are stored in "/lib/modules". No file in these directories should be group-writable or world-writable. To find shared libraries that are group-writable or world-writable, run the following command for each directory [DIR] that contains shared libraries:

$ find -L [DIR] -perm /022 -type f

If any of these files (excluding broken symlinks) are group-writable or world-writable, this is a finding.
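The check and fix above can be run as one pass over all four default directories. The script below is an added example, not part of the STIG text; the function names `list_writable_libs` and `audit_libs` and the `--run` switch are made up for this illustration, and `-perm /022` assumes GNU find as shipped with Oracle Linux.

```shell
#!/bin/sh
# Added example (not STIG text): audit the default library directories
# for group- or world-writable files, per the check above.
LIB_DIRS="/lib /lib64 /usr/lib /usr/lib64"   # defaults listed on the page

# list_writable_libs [DIR...]
# Print, sorted, every regular file under each DIR that is group- or
# world-writable. -L follows symlinks, so a link to a writable file is
# reported under the link's path; a broken link is not a regular file
# and is skipped. Directories that do not exist are ignored.
list_writable_libs() {
    [ "$#" -gt 0 ] || set -- $LIB_DIRS
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -L "$dir" -perm /022 -type f
    done | sort
}

# audit_libs [DIR...]
# Return 0 when nothing is writable by group or other, 1 on a finding.
audit_libs() {
    findings=$(list_writable_libs "$@")
    if [ -z "$findings" ]; then
        echo "PASS: no group- or world-writable library files"
        return 0
    fi
    echo "FINDING: group- or world-writable library files:"
    printf '%s\n' "$findings" | while IFS= read -r f; do
        ls -ldL -- "$f"        # show the mode of the file the path resolves to
    done
    echo "Fix each with: chmod go-w FILE"
    return 1
}

# Run only when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    shift
    audit_libs "$@"
fi
```

Run it as root so that find can read every subdirectory; extra library directories can be passed as arguments after `--run`.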

Documentable

False

Check Content Reference

M

Target Key

2928

Comments