UCF STIG Viewer Logo

The /etc/sysctl.conf file must not have an extended ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22596 GEN000000-LNX00530 SV-62983r1_rule Medium
Description
The sysctl.conf file specifies the values for kernel parameters to be set on boot. These settings can affect the system's security.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2020-02-25

Details

Check Text ( C-51769r1_chk )
Check the permissions of the file.

# ls -lL /etc/sysctl.conf

If the permissions of the file or directory contain a '+', an extended ACL is present. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.
Fix Text (F-53551r1_fix)
Remove the extended ACL from the file.
# setfacl --remove-all /etc/sysctl.conf