UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system package management tool must verify group-ownership on all files and directories associated with packages.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38453 RHEL-06-000517 SV-50253r1_rule Low
Description
Group-ownership of system binaries and configuration files that is incorrect could allow an unauthorized user to gain privileges that they should not have. The group-ownership set by the vendor should be maintained. Any deviations from this baseline should be investigated.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2016-06-05

Details

Check Text ( C-46009r1_chk )
The following command will list which files on the system have group-ownership different from what is expected by the RPM database:

# rpm -Va | grep '^......G'


If there is output, this is a finding.
Fix Text (F-43399r1_fix)
The RPM package management system can restore group-ownership of the package files and directories. The following command will update files and directories with group-ownership different from what is expected by the RPM database:

# rpm -qf [file or directory name]
# rpm --setugids [package]