STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must have system commands owned by root.

DISA Rule

SV-238377r654306_rule

Vulnerability Number

V-238377

Group Title

SRG-OS-000259-GPOS-00100

Rule Version

UBTU-20-010457

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Configure the system commands and their respective parent directories to be protected from unauthorized access. Run the following command:

$ sudo find /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type f -exec chown root '{}' \;

Check Contents

Verify the system commands contained in the following directories are owned by root:

/bin
/sbin
/usr/bin
/usr/sbin
/usr/local/bin
/usr/local/sbin

Use the following command for the check:

$ sudo find /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type f -exec stat -c "%n %U" '{}' \;

If any system commands are returned, this is a finding.

Vulnerability Number

V-238377

Documentable

False

Rule Version

UBTU-20-010457

Severity Override Guidance

Verify the system commands contained in the following directories are owned by root:

/bin
/sbin
/usr/bin
/usr/sbin
/usr/local/bin
/usr/local/sbin

Use the following command for the check:

$ sudo find /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type f -exec stat -c "%n %U" '{}' \;

If any system commands are returned, this is a finding.

Check Content Reference

M

Target Key

5318

Comments