Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-257932 | RHEL-09-232260 | SV-257932r991589_rule | | Medium |
Description |
---|
If an unauthorized or modified device is allowed to exist on the system, there is the possibility the system may perform unintended or unauthorized operations. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 9 Security Technical Implementation Guide | 2024-06-04 |
Check Text ( C-61673r925781_chk ) |
---|
Verify that all system device files are correctly labeled to prevent unauthorized modification. |
List all device files on the system that are incorrectly labeled with the following commands: |
Note: Device files are normally found under "/dev", but applications may place device files in other directories and may necessitate a search of the entire system. |
`# find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"` |
`# find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"` |
Note: There are device files, such as "/dev/vmci", that are used when the operating system is a host virtual machine. They will not be owned by a user on the system and require the "device_t" label to operate. These device files are not a finding. |
If there is output from either of these commands, other than already noted, this is a finding. |
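
The check above leaves the "other than already noted" filtering to the reviewer. The following added example (not part of the STIG text) triages the `%p %Z` output of the two commands against an allowlist; the `ALLOWED_DEVICES` variable, the function names and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage the output of the two STIG check commands.
# Input lines have the form "<path> <selinux context>" (find's "%p %Z\n").

# Assumption: allowlist of device files documented as not a finding.
# The check text names /dev/vmci; extend it per local documentation.
ALLOWED_DEVICES="/dev/vmci"

# Reads "%p %Z" lines on stdin, prints one FINDING line per unexpected
# device file, and returns 1 if any finding was printed (0 otherwise).
triage_device_labels() {
    local path ctx setype findings=0
    while read -r path ctx; do
        [ -n "$path" ] || continue
        # A context is user:role:type:level, so the type is field 3.
        setype=$(printf '%s' "$ctx" | cut -d: -f3)
        case "$setype" in
            device_t|unlabeled_t) ;;   # generic or missing label
            *) continue ;;             # specific type label: not a finding
        esac
        case " $ALLOWED_DEVICES " in
            *" $path "*) continue ;;   # documented exception
        esac
        printf 'FINDING %s %s\n' "$path" "$setype"
        findings=1
    done
    return "$findings"
}

# Constructed sample input, not output from a real system.
sample_output() {
    cat <<'EOF'
/dev/vmci system_u:object_r:device_t:s0
/dev/ttyUSB0 system_u:object_r:device_t:s0
/dev/sda system_u:object_r:fixed_disk_device_t:s0
/dev/mystery system_u:object_r:unlabeled_t:s0
EOF
}

# On a live host, pipe the two check commands in instead (patterns quoted
# here so the shell cannot expand them before find sees them):
#   { find /dev -context '*:device_t:*' \( -type c -o -type b \) -printf "%p %Z\n"
#     find /dev -context '*:unlabeled_t:*' \( -type c -o -type b \) -printf "%p %Z\n"
#   } | triage_device_labels
sample_output | triage_device_labels || echo "device label findings present"
```

A non-zero return makes the function usable as a gate in a compliance job; every allowlist entry should correspond to a documented exception.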
Fix Text (F-61597r925782_fix) |
---|
Restore the SELinux policy for the affected device file from the system policy database using the following command: $ sudo restorecon -v Substituting " $ sudo dnf reinstall If a package was not used to install the SELinux policy for a given device class, then it must be generated manually and provide specific type labels. |