STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.

DISA Rule

SV-235002r622137_rule

Vulnerability Number

V-235002

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-040180

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group of the SUSE operating system world-writable directories to root with the following command:

> sudo chgrp root <directory>

Check Contents

Verify all SUSE operating system world-writable directories are group-owned by root, sys, bin, or an application group.

Check the system for world-writable directories with the following command:

> sudo find / -perm -002 -type d -exec ls -lLd {} \;
drwxrwxrwt. 2 root root 40 Aug 26 13:07 /dev/mqueue
drwxrwxrwt. 2 root root 220 Aug 26 13:23 /dev/shm
drwxrwxrwt. 14 root root 4096 Aug 26 13:29 /tmp

If any world-writable directories are not group-owned by root, sys, bin, or an application group associated with the directory, this is a finding.
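The check above leaves the group comparison to the reviewer reading `ls` output. The following sketch is an added example, not part of the STIG: it automates that comparison and prints only the directories that would be findings. The function name `audit_ww_dirs` is hypothetical, the allowlist defaults to root, sys and bin (site application groups are passed as extra arguments), and GNU find is assumed for `-printf`.

```sh
#!/bin/sh
# Added example (not STIG text): list world-writable directories whose
# group is not in an allowlist.
# Usage: audit_ww_dirs ROOT [ALLOWED_GROUP...]
#   ROOT           directory tree to scan, e.g. /
#   ALLOWED_GROUP  permitted group names; defaults to: root sys bin
# Assumes GNU find (-printf) and group names without whitespace.
audit_ww_dirs() {
    root=$1
    shift
    # No groups given: fall back to the groups named in the rule.
    [ $# -gt 0 ] || set -- root sys bin
    # Pad with spaces so each name can be matched as a whole word.
    allowed=" $* "

    # -perm -002 selects entries with the other-write bit set, as in the
    # STIG check. %g = group name (numeric GID if unnamed), %m = octal
    # mode, %p = path.
    find "$root" -type d -perm -002 -printf '%g %m %p\n' 2>/dev/null |
    while read -r grp mode path; do
        case "$allowed" in
            *" $grp "*)
                ;;  # group is permitted: not a finding
            *)
                printf 'FINDING group=%s mode=%s %s\n' "$grp" "$mode" "$path"
                ;;
        esac
    done
}

# Example invocation (commented out so sourcing this file scans nothing):
#   sudo sh -c '. ./audit_ww_dirs.sh; audit_ww_dirs / root sys bin appgrp'
```

Empty output means no findings under the given allowlist. Each reported directory is then either remediated with the `chgrp` command from the Fix Recommendation or justified by adding its application group to the allowlist.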

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5274
