STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

All files and directories must have a valid owner.

DISA Rule

SV-227611r603266_rule

Vulnerability Number

V-227611

Group Title

SRG-OS-000480

Rule Version

GEN001160

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

All directories and files (executable and data) will have an identifiable owner and group name. Either trace files to an authorized user, change the file's owner to root, or delete them. Determine the legitimate owner of the files and use the chown command to set the owner and group to the correct value. If the legitimate owner cannot be determined, change the owner to root (but make sure none of the changed files remain executable because they could be Trojan horses or other malicious code). Examine the files to determine their origin and the reason for their lack of an owner/group.

Check Contents

Check the system for files with no assigned owner.

Procedure:
# find / -nouser -print

If any files have no assigned owner, this is a finding.

Vulnerability Number

V-227611

Documentable

False

Rule Version

GEN001160

Severity Override Guidance

Check the system for files with no assigned owner.

Procedure:
# find / -nouser -print

If any files have no assigned owner, this is a finding.

Check Content Reference

Target Key

4061

All files and directories must have a valid owner.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments