The system package management tool must verify group-ownership on all files and directories associated with packages.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| RHEL-06-000517 | RHEL-06-000517 | RHEL-06-000517_rule | Low |
| Description |
|---|
| Group-ownership of system binaries and configuration files that is incorrect could allow an unauthorized users to gain privileges that they should not have. The group-ownership set by the vendor should be maintained. Any deviations from this baseline should be investigated. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-02-05 |
Details
| Check Text ( C-RHEL-06-000517_chk ) |
|---|
| The following command will list which files on the system have group-ownership different from what is expected by the RPM database: # rpm -Va | grep '^......G If there is output, this is a finding. |
| Fix Text (F-RHEL-06-000517_fix) |
|---|
| The RPM package management system can check group-ownership of files associated with installed software packages, including many that are important to system security. The following command will list which files on the system have group-ownership different from what is expected by the RPM database: # rpm -Va | grep '^......G' |