SV-217147r603262_rule
V-217147
SRG-OS-000138-GPOS-00069
SLES-12-010460
CAT II
10
Configure the SUSE operating system shared system resources to prevent any unauthorized and unintended information transfer by setting the sticky bit for all world-writable directories.
An example of a world-writable directory is the "/tmp" directory. Set the sticky bit on all of the world-writable directories (using the "/tmp" directory as an example) with the following command:
# sudo chmod 1777 /tmp
For every world-writable directory, replace "/tmp" in the command above with the world-writable directory that does not have the sticky bit set.
Verify the SUSE operating system prevents unauthorized and unintended information transfer via the shared system resources.
Note: The example below should be repeated for each locally defined partition.
Check that world-writable directories have the sticky bit set with the following command:
# sudo find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;
256 0 drwxrwxrwt 1 root root 4096 Jun 14 06:45 /tmp
If any of the returned directories do not have the sticky bit set, or are not documented as having the write permission for the other class, this is a finding.
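The check command above lists every world-writable directory and leaves the reviewer to read the mode string of each one. The following added example (not part of the STIG text) narrows the same find search to directories that are world-writable and lack the sticky bit, so any output line is a candidate finding. The function names and the optional filesystem-type argument are assumptions made for this example, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example, not part of the STIG check or fix text.

# find_missing_sticky ROOT [FSTYPE]   (hypothetical helper name)
# Prints each directory under ROOT that is writable by "other" (-perm -0002)
# but does not have the sticky bit (! -perm -1000). -xdev keeps the search on
# one file system, matching the per-partition note in the check text.
find_missing_sticky() {
    root=${1:-/}
    fstype=${2:-}
    if [ -n "$fstype" ]; then
        find "$root" -xdev -fstype "$fstype" -type d \
            -perm -0002 ! -perm -1000 -print 2>/dev/null
    else
        find "$root" -xdev -type d \
            -perm -0002 ! -perm -1000 -print 2>/dev/null
    fi
}

# count_missing_sticky ROOT [FSTYPE]   (hypothetical helper name)
# Prints the number of offending directories; 0 means nothing to review.
count_missing_sticky() {
    find_missing_sticky "$@" | wc -l | tr -d ' '
}

# demo_tree: builds a constructed test tree and prints its path.
#   shared_ok   1777  world-writable with sticky bit (compliant)
#   shared_bad  0777  world-writable without sticky bit (reported)
#   private     0755  not world-writable (out of scope)
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/private"
    chmod 1777 "$d/shared_ok"
    chmod 0777 "$d/shared_bad"
    chmod 0755 "$d/private"
    printf '%s\n' "$d"
}
```

Run as root, `find_missing_sticky / xfs` covers the root partition; repeat it with the mount point of each other locally defined partition. Directories it reports still need the documentation review described in the check text before the fix command is applied.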
V-217147
False
SLES-12-010460
M
4033