Device files and directories must only be writable by users with a system account or as configured by the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51239 | OSX8-00-00990 | SV-65449r1_rule | Medium |
| Description |
|---|
| Device files and directories must only be writable by users with a system account or as configured by the vendor. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53587r1_chk ) |
|---|
| To view the list of device files that are on the system, run the following command: sudo find / -perm -2 -a \( -type b -o -type c \) Check the permissions on the directories above subdirectories of the returned items. If any of the device files or their parent directories are world-writable, except device files specifically intended to be world-writable such as /dev/null, this is a finding. |
| Fix Text (F-56039r1_fix) |
|---|
| To remove the writable option for other users, run the following command: sudo chmod o-w [path to device file] |