Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
All system device files must be correctly labeled to prevent unauthorized modification.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-72039 | RHEL-07-020900 | SV-86663r1_rule | Medium |
| Description |
|---|
| If an unauthorized or modified device is allowed to exist on the system, there is the possibility the system may perform unintended or unauthorized operations. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2017-07-08 |
Details
| Check Text ( C-72271r1_chk ) |
|---|
| Verify that all system device files are correctly labeled to prevent unauthorized modification. List all device files on the system that are incorrectly labeled with the following commands: Note: Device files are normally found under "/dev", but applications may place device files in other directories and may necessitate a search of the entire system. #find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n" #find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n" Note: There are device files, such as "/dev/vmci", that are used when the operating system is a host virtual machine. They will not be owned by a user on the system and require the "device_t" label to operate. These device files are not a finding. If there is output from either of these commands, other than already noted, this is a finding. |
| Fix Text (F-78391r1_fix) |
|---|
| Run the following command to determine which package owns the device file: # rpm -qf The package can be reinstalled from a yum repository using the command: # sudo yum reinstall Alternatively, the package can be reinstalled from trusted media using the command: # sudo rpm -Uvh |