[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

124222

 
 

909

 
 

106938

 
 

150

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90918-4

Platform: rhel7Date: (C)2017-06-29   (M)2019-04-25



Verify that Shared Library Files Have Root Ownership System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: /lib /lib64 /usr/lib /usr/lib64 Kernel modules, which can be added to the kernel during runtime, are also stored in '/lib/modules'. All files in these directories should be owned by the 'root' user. If the directory, or any file in these directories, is found to be owned by a user other than root correct its ownership with the following command: '$ sudo chown root FILE'


Parameter:


Technical Mechanism: Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system. Fix: for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 do if [ -d $LIBDIR ] then find -L $LIBDIR \! -user root -exec chown root \; fi done

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31297
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30574


OVAL    2
oval:org.secpod.oval:def:31297
oval:org.secpod.oval:def:30574
XCCDF    2
xccdf_org.secpod_benchmark_general_CENTOS_7
xccdf_org.secpod_benchmark_general_RHEL_7

© SecPod Technologies