UCF STIG Viewer Logo

All system command files must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38472 RHEL-06-000048 SV-50272r1_rule Medium
Description
System binaries are executed by privileged users as well as system services, and restrictive permissions are necessary to ensure that their execution of these programs cannot be co-opted.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46027r1_chk )
System executables are stored in the following directories by default:

/bin
/usr/bin
/usr/local/bin
/sbin
/usr/sbin
/usr/local/sbin

All files in these directories should not be group-writable or world-writable. To find system executables that are not owned by "root", run the following command for each directory [DIR] which contains system executables:

$ find -L [DIR] \! -user root


If any system executables are found to not be owned by root, this is a finding.
Fix Text (F-43417r1_fix)
System executables are stored in the following directories by default:

/bin
/usr/bin
/usr/local/bin
/sbin
/usr/sbin
/usr/local/sbin

If any file [FILE] in these directories is found to be owned by a user other than root, correct its ownership with the following command:

# chown root [FILE]