STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group.

DISA Rule

SV-204487r603261_rule

Vulnerability Number

V-204487

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-021030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

All directories in local partitions which are world-writable should be group-owned by root or another system account. If any world-writable directories are not group-owned by a system account, this should be investigated. Following this, the directories should be deleted or assigned to an appropriate group.

Check Contents

The following command will discover and print world-writable directories that are not group-owned by a system account, assuming only system accounts have a GID lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -gid +999 -print

If there is output, this is a finding.

Vulnerability Number

V-204487

Documentable

False

Rule Version

RHEL-07-021030

Severity Override Guidance

The following command will discover and print world-writable directories that are not group-owned by a system account, assuming only system accounts have a GID lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -gid +999 -print

If there is output, this is a finding.

Check Content Reference

M

Target Key

2899

Comments