STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.

DISA Rule

SV-204479r603261_rule

Vulnerability Number

V-204479

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-020900

Severity

CAT II

CCI(s)

• CCI-000368 - The organization documents any deviations from the established configuration settings for organization-defined information system components based on organization-defined operational requirements.
• CCI-001813 - The information system enforces access restrictions.
• CCI-001814 - The Information system supports auditing of the enforcement actions.
• CCI-001812 - The information system prohibits user installation of software without explicit privileged status.
• CCI-000318 - The organization audits and reviews activities associated with configuration-controlled changes to the system.

Weight

10

Fix Recommendation

Run the following command to determine which package owns the device file:

# rpm -qf <filename>

The package can be reinstalled from a yum repository using the command:

# sudo yum reinstall <packagename>

Alternatively, the package can be reinstalled from trusted media using the command:

# sudo rpm -Uvh <packagename>

Check Contents

Verify that all system device files are correctly labeled to prevent unauthorized modification.

List all device files on the system that are incorrectly labeled with the following commands:

Note: Device files are normally found under "/dev", but applications may place device files in other directories and may necessitate a search of the entire system.

#find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"

#find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"

Note: There are device files, such as "/dev/vmci", that are used when the operating system is a host virtual machine. They will not be owned by a user on the system and require the "device_t" label to operate. These device files are not a finding.

If there is output from either of these commands, other than already noted, this is a finding.

Vulnerability Number

V-204479

Documentable

False

Rule Version

RHEL-07-020900

Severity Override Guidance

Verify that all system device files are correctly labeled to prevent unauthorized modification.

List all device files on the system that are incorrectly labeled with the following commands:

Note: Device files are normally found under "/dev", but applications may place device files in other directories and may necessitate a search of the entire system.

#find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"

#find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"

Note: There are device files, such as "/dev/vmci", that are used when the operating system is a host virtual machine. They will not be owned by a user on the system and require the "device_t" label to operate. These device files are not a finding.

If there is output from either of these commands, other than already noted, this is a finding.

Check Content Reference

M

Target Key

2899

Comments