STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

All system command files must have mode 755 or less permissive.

DISA Rule

SV-226489r603265_rule

Vulnerability Number

V-226489

Group Title

SRG-OS-000259

Rule Version

GEN001200

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Change the mode for system command files to 755 or less permissive.

Procedure:
# chmod 755 <filename>

Check Contents

Check the permissions for files in /etc, /bin, /usr/bin, /usr/lbin, /usr/ucb, /sbin, and /usr/sbin.

Procedure:
# ls -lL /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin

If any command file is listed and has a mode more permissive than 755, this is a finding.

Note: Elevate to Severity Code I if any command file listed is world-writable.

Vulnerability Number

V-226489

Documentable

False

Rule Version

GEN001200

Severity Override Guidance

Check the permissions for files in /etc, /bin, /usr/bin, /usr/lbin, /usr/ucb, /sbin, and /usr/sbin.

Procedure:
# ls -lL /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin

If any command file is listed and has a mode more permissive than 755, this is a finding.

Note: Elevate to Severity Code I if any command file listed is world-writable.

Check Content Reference

M

Target Key

4060

Comments