The Oracle Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-221740 | OL07-00-020900 | SV-221740r991589_rule | CCI-000366 | medium |
| Description | ||||
| If an unauthorized or modified device is allowed to exist on the system, there is the possibility the system may perform unintended or unauthorized operations. | ||||
| STIG | Date | |||
| Oracle Linux 7 Security Technical Implementation Guide | 2025-05-08 | |||
Details
Check Text (C-221740r991589_chk)
Verify that all system device files are correctly labeled to prevent unauthorized modification.
List all device files on the system that are incorrectly labeled with the following commands:
Note: Device files are normally found under "/dev", but applications may place device files in other directories and may necessitate a search of the entire system.
#find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"
#find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"
Note: There are device files, such as "/dev/vmci", that are used when the operating system is a host virtual machine. They will not be owned by a user on the system and require the "device_t" label to operate. These device files are not a finding.
If there is output from either of these commands, other than already noted, this is a finding.
Fix Text (F-23444r419293_fix)
Run the following command to determine which package owns the device file:
# rpm -qf <filename>
The package can be reinstalled from a yum repository using the command:
# sudo yum reinstall <packagename>
Alternatively, the package can be reinstalled from trusted media using the command:
# sudo rpm -Uvh <packagename>