The stat command is used to scan Linux user/group ownership and permissions on files and directories. It is usually combined with the find command to traverse multiple directories or an entire filesystem (the -xdev option keeps find from descending into other mounted filesystems). The following example controls cover the three Type values used for Linux Security (Ownerships:user, Ownerships:group and Permissions) and all relate to world-writable files and directories.
Ownerships:user:
<Group>
<GroupId>V-228563</GroupId>
<GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle>
<RuleId>SV-228563r744119_rule</RuleId>
<Severity>CAT II</Severity>
<RuleVersion>RHEL-07-021031</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are owned by root, sys, bin, or an application user.</RuleTitle>
<Where>Linux Security</Where>
<Applied>[find / -xdev -type d -perm -0002 -uid +999]</Applied>
<Type>Ownerships:user</Type>
<Value>[""],root</Value>
<Ignore>case,space</Ignore>
<IgnoreReason></IgnoreReason>
</Group>
Ownerships:group:
<Group>
<GroupId>V-204487</GroupId>
<GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle>
<RuleId>SV-204487r744106_rule</RuleId>
<Severity>CAT II</Severity>
<RuleVersion>RHEL-07-021030</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group.</RuleTitle>
<Where>Linux Security</Where>
<Applied>[find / -xdev -type d -perm -0002 -gid +999]</Applied>
<Type>Ownerships:group</Type>
<Value>[""],root</Value>
<Ignore>case,space</Ignore>
<IgnoreReason></IgnoreReason>
</Group>
Permissions:
<Group>
<GroupId>V-204478</GroupId>
<GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle>
<RuleId>SV-204478r603261_rule</RuleId>
<Severity>CAT II</Severity>
<RuleVersion>RHEL-07-020730</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that local initialization files do not execute world-writable programs.</RuleTitle>
<Where>Linux Security</Where>
<Applied>[find / -xdev -perm -775 -type f -exec ls -ld {} \;]</Applied>
<Type>Permissions</Type>
<Value>[""],775</Value>
<Ignore>case,space,import</Ignore>
<IgnoreReason></IgnoreReason>
</Group>
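As an added example that is not part of the original page, the script below combines the find predicates used in the ownership controls above with stat to report world-writable directories whose owner is outside an allowed set. The function names and the name-based allow list (matching the rule titles' "root, sys, bin, or an application user") are assumptions; the controls themselves use -uid/-gid +999 to exclude system accounts instead.

```shell
#!/bin/sh
# Added example: world-writable directory ownership scan with find + stat.
# Requires GNU stat (-c format); tested on Linux.

# scan_world_writable_dirs ROOT ALLOWED_USERS
#   ROOT          - directory tree to scan (use / for a whole filesystem)
#   ALLOWED_USERS - space-separated owners that are acceptable, e.g. "root sys bin"
# Prints "owner group mode path" for every world-writable directory whose
# owner is not in ALLOWED_USERS (one finding per line).
scan_world_writable_dirs() {
    root="$1"
    allowed=" $2 "
    # Same traversal as the controls: -type d -perm -0002 selects directories
    # where "other" has write permission; -xdev stays on one filesystem.
    find "$root" -xdev -type d -perm -0002 -print 2>/dev/null |
    while IFS= read -r dir; do
        # stat reports %U owner, %G group, %a octal mode, %n path.
        line=$(stat -c '%U %G %a %n' "$dir" 2>/dev/null) || continue
        owner=${line%% *}
        case "$allowed" in
            *" $owner "*) ;;                 # owner is allowed: compliant
            *) printf '%s\n' "$line" ;;      # otherwise report the finding
        esac
    done
}

# check_world_writable_dirs ROOT ALLOWED_USERS
# Returns 0 when the tree has no findings, 1 otherwise (usable as a control result).
check_world_writable_dirs() {
    n=$(scan_world_writable_dirs "$1" "$2" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Usage: check_world_writable_dirs / "root sys bin" || echo "non-compliant"
```

A mode of 1777 in the output (sticky bit set, as on /tmp) still counts as a finding here if the owner is not allowed; the function checks ownership only, as the controls above do.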