Linux Security

Owned by Joseph Osborne
Last updated: Jun 06, 2023
1 min read

Using the stat command to scan Linux user/group ownership as well as permissions on files and directories. These are usually combined with the find command to traverse multiple directories or an entire filesystem. The following example controls go over the 3 Type values for Linux Security and are related to world-writable files and directories.

Ownerships:user:

<Group> <GroupId>V-228563</GroupId> <GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle> <RuleId>SV-228563r744119_rule</RuleId> <Severity>CAT II</Severity> <RuleVersion>RHEL-07-021031</RuleVersion> <RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are owned by root, sys, bin, or an application user.</RuleTitle> <Where>Linux Security</Where> <Applied>[find / -xdev -type d -perm -0002 -uid +999]</Applied> <Type>Ownerships:user</Type> <Value>[""],root</Value> <Ignore>case,space</Ignore> <IgnoreReason></IgnoreReason> </Group>

Ownerships:group:

<Group> <GroupId>V-204487</GroupId> <GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle> <RuleId>SV-204487r744106_rule</RuleId> <Severity>CAT II</Severity> <RuleVersion>RHEL-07-021030</RuleVersion> <RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group.</RuleTitle> <Where>Linux Security</Where> <Applied>[find / -xdev -type d -perm -0002 -gid +999]</Applied> <Type>Ownerships:group</Type> <Value>[""],root</Value> <Ignore>case,space</Ignore> <IgnoreReason></IgnoreReason> </Group>

Permissions:

<Group> <GroupId>V-204478</GroupId> <GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle> <RuleId>SV-204478r603261_rule</RuleId> <Severity>CAT II</Severity> <RuleVersion>RHEL-07-020730</RuleVersion> <RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that local initialization files do not execute world-writable programs.</RuleTitle> <Where>Linux Security</Where> <Applied>[find / -xdev -perm -775 -type f -exec ls -ld {} \;]</Applied> <Type>Permissions</Type> <Value>[""],775</Value> <Ignore>case,space,import</Ignore> <IgnoreReason></IgnoreReason> </Group>

Related pages

Available ConfigOS STIG Signatures
Available ConfigOS STIG Signatures
SteelCloud Customer Knowledge Base
Read with this
Auditing System
Auditing System
SteelCloud Customer Knowledge Base
Read with this
File
File
SteelCloud Customer Knowledge Base
Read with this