SV-234828r622137_rule
V-234828
SRG-OS-000138-GPOS-00069
SLES-15-010300
CAT II
10
Configure the SUSE operating system shared system resources to prevent any unauthorized and unintended information transfer by setting the sticky bit for all world-writable directories.
An example of a world-writable directory is the "/tmp" directory. Set the sticky bit on all of the world-writable directories (using the "/tmp" directory as an example) with the following command:
> sudo chmod 1777 /tmp
For every world-writable directory, replace "/tmp" in the command above with the world-writable directory that does not have the sticky bit set.
Verify the SUSE operating system prevents unauthorized and unintended information transfer via the shared system resources.
Check that world-writable directories have the sticky bit set with the following command:
> sudo find / \( -path /.snapshots -o -path /sys -o -path /proc \) -prune -o -perm -002 -type d -exec ls -lLd {} \;
256 0 drwxrwxrwt 1 root root 4096 Jun 14 06:45 /tmp
If any of the returned directories do not have the sticky bit set, or are not documented as having the write permission for the other class, this is a finding.
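The check command above lists every world-writable directory, compliant or not. The following added example (not part of the STIG text) reports only the directories that meet the finding criteria; the function names and the documented-exceptions file, one absolute path per line, are assumptions.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Function names and the
# documented-exceptions file (one absolute path per line) are assumptions.

# ww_dirs ROOT [extra find tests...]
# World-writable directories under ROOT, with the same prunes as the check.
ww_dirs() {
    ww_root=$1
    shift
    find "$ww_root" \
        \( -path /.snapshots -o -path /sys -o -path /proc \) -prune -o \
        -type d -perm -002 "$@" -print 2>/dev/null
}

# audit_world_writable ROOT [DOCUMENTED_FILE]
# Prints one line per finding and returns 1 if there is any, else 0:
#   NO_STICKY <dir>     world-writable, sticky bit (01000) not set
#   UNDOCUMENTED <dir>  world-writable, not listed in DOCUMENTED_FILE
# Without DOCUMENTED_FILE only the sticky-bit test is made.
# Limitation: paths containing newlines are not handled.
audit_world_writable() {
    aw_root=${1:-/}
    aw_doc=${2:-}
    aw_out=$(
        ww_dirs "$aw_root" ! -perm -1000 | sed 's/^/NO_STICKY /'
        if [ -n "$aw_doc" ]; then
            ww_dirs "$aw_root" | grep -Fxv -f "$aw_doc" | sed 's/^/UNDOCUMENTED /'
        fi
    )
    if [ -z "$aw_out" ]; then
        return 0
    fi
    printf '%s\n' "$aw_out"
    return 1
}

# Usage (as root, so every directory can be read):
#   audit_world_writable / /path/to/documented-dirs.txt
```

A directory can appear twice, once per criterion; an empty result with exit status 0 means no finding under this rule.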