STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.

DISA Rule

SV-230243r627750_rule

Vulnerability Number

V-230243

Group Title

SRG-OS-000138-GPOS-00069

Rule Version

RHEL-08-010190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure all world-writable directories to have the sticky bit set to prevent unauthorized and unintended information transferred via shared system resources.

Set the sticky bit on all world-writable directories using the following command, replacing "[World-Writable Directory]" with any directory path missing the sticky bit:

$ sudo chmod 1777 [World-Writable Directory]

Check Contents

Verify that all world-writable directories have the sticky bit set.

Check to see that all world-writable directories have the sticky bit set by running the following command:

$ sudo find / -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null

drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp

If any of the returned directories are world-writable and do not have the sticky bit set, this is a finding.
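
The check and fix above as a reusable pair of shell functions. This is an added example, not part of the STIG text: the function names and the root-directory argument are assumptions, and the remediation uses `chmod +t`, which adds only the sticky bit, rather than the guide's `chmod 1777`, which also rewrites the owner, group and other permission bits.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical.

# audit_sticky ROOT
# Runs the STIG check expression under ROOT and prints one path per finding:
# a directory that is world-writable (-perm -0002) and lacks the sticky
# bit (! -perm -1000). No output means no findings.
audit_sticky() {
    find "$1" -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
}

# remediate_sticky ROOT
# Adds the sticky bit to every finding under ROOT without touching the other
# mode bits, so a 0733 drop directory becomes 1733 instead of 1777.
# Using find -exec (not a read loop) keeps odd path names intact.
# Returns 0 when a re-audit is clean, 1 if findings remain
# (for example on a read-only or remote filesystem).
remediate_sticky() {
    find "$1" -type d \( -perm -0002 -a ! -perm -1000 \) \
        -exec chmod +t {} + 2>/dev/null
    [ -z "$(audit_sticky "$1")" ]
}

# Typical use as root on the system under review:
#   audit_sticky /          # list findings
#   remediate_sticky /      # fix, then exit status tells whether it is clean
```

Review the audit output before remediating: a directory that should not be world-writable at all is better fixed by removing the write bit than by adding the sticky bit.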

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2921
