STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are owned by root, sys, bin, or an application user.

DISA Rule

SV-228563r606406_rule

Vulnerability Number

V-228563

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-021031

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

All directories in local partitions which are world-writable should be owned by root or another system account. If any world-writable directories are not owned by a system account, this should be investigated. Following this, the files should be deleted or assigned to an appropriate group.

Check Contents

The following command will discover and print world-writable directories that are not owned by a system account, assuming only system accounts have a UID lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -uid +999 -print

If there is output, this is a finding.

Vulnerability Number

V-228563

Documentable

False

Rule Version

RHEL-07-021031

Severity Override Guidance

The following command will discover and print world-writable directories that are not owned by a system account, assuming only system accounts have a UID lower than 1000. Run it once for each local partition [PART]:

# find [PART] -xdev -type d -perm -0002 -uid +999 -print

If there is output, this is a finding.

Check Content Reference

M

Target Key

2899

Comments