STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group.

DISA Rule

SV-221748r603260_rule

Vulnerability Number

V-221748

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

OL07-00-021030

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

All directories in local partitions which are world-writable should be group-owned by root or another system account. If any world-writable directories are not group-owned by a system account, this should be investigated. Following this, the directories should be deleted or assigned to an appropriate group.

Check Contents

The following command will discover and print world-writable directories that are not group-owned by a system account, given the assumption that only system accounts have a gid lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -gid +999 -print

If there is output, this is a finding.

Vulnerability Number

V-221748

Documentable

False

Rule Version

OL07-00-021030

Severity Override Guidance

The following command will discover and print world-writable directories that are not group-owned by a system account, given the assumption that only system accounts have a gid lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -gid +999 -print

If there is output, this is a finding.

Check Content Reference

M

Target Key

4089

Comments