Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-923 | GEN002260 | SV-37543r1_rule | DCSW-1 ECSC-1 | Low |
Description |
---|
If an unauthorized device is allowed to exist on the system, there is the possibility the system may perform unauthorized operations. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2014-07-07 |
Check Text ( C-36198r2_chk ) |
---|
Ask the SA for the automated or manual process used to check for extraneous device files. Review the process to determine if the system is checked for extraneous device files on a weekly basis. If no weekly automated or manual process is in place, this is a finding. If the process is not identifying extraneous device files, this is a finding. |
Fix Text (F-31458r1_fix) |
---|
Establish a weekly automated or manual process to create a list of device files on the system and determine if any files have been added, moved, or deleted since the last list was generated. A list of device files can be generated with this command: # find / -type b -o -type c > device-file-list |