[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90918-4

Platform: rhel7Date: (C)2017-06-29   (M)2018-09-27



Verify that Shared Library Files Have Root Ownership System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: /lib /lib64 /usr/lib /usr/lib64 Kernel modules, which can be added to the kernel during runtime, are also stored in '/lib/modules'. All files in these directories should be owned by the 'root' user. If the directory, or any file in these directories, is found to be owned by a user other than root correct its ownership with the following command: '$ sudo chown root FILE'


Parameter:


Technical Mechanism: Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system. Fix: for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 do if [ -d $LIBDIR ] then find -L $LIBDIR \! -user root -exec chown root \; fi done

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31297
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30574


OVAL    2
oval:org.secpod.oval:def:30574
oval:org.secpod.oval:def:31297
XCCDF    2
xccdf_org.secpod_benchmark_general_RHEL_7
xccdf_org.secpod_benchmark_general_CENTOS_7

© SecPod Technologies