All network services daemon files must have mode 0755 or less permissive.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-786 | GEN001180 M6 | SV-37882r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Restricting permission on daemons will protect them from unauthorized modification and possible system compromise. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Details
| Check Text ( C-37568r1_chk ) |
|---|
| Open a terminal session and enter the following command to check the mode of network services daemons (all on one line). find /usr/sbin -type f -perm +022 -exec stat -f %Lp:%N {} \; This will return the octal permissions and name of all files that are group or world-writable. If any network services daemon listed is world or group-writable (either or both of the 2 lowest order digits containing a 2, 3, 6, or 7), this is a finding. |
| Fix Text (F-32811r1_fix) |
|---|
| Open a terminal session and use the following command to change the mode of the network services daemon. chmod 755 |