STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system library directories must be owned by root.

DISA Rule

SV-237610r646793_rule

Vulnerability Number

V-237610

Group Title

SRG-OS-000259-GPOS-00100

Rule Version

SLES-12-010874

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Configure the library files and their respective parent directories to be protected from unauthorized access. Run the following command:

> sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d -exec chown root '{}' \;

Check Contents

Verify the system-wide shared library directories "/lib", "/lib64", "/usr/lib/" and "/usr/lib64" are owned by root.

Check that the system-wide shared library directories are owned by root with the following command:

> sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d -exec stat -c "%n %U" '{}' \;

If any system wide library directory is returned, this is a finding.

Vulnerability Number

V-237610

Documentable

False

Rule Version

SLES-12-010874

Severity Override Guidance

Verify the system-wide shared library directories "/lib", "/lib64", "/usr/lib/" and "/usr/lib64" are owned by root.

Check that the system-wide shared library directories are owned by root with the following command:

> sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d -exec stat -c "%n %U" '{}' \;

If any system wide library directory is returned, this is a finding.

Check Content Reference

M

Target Key

4033

Comments