UCF STIG Viewer Logo

All network services daemon files must have mode 0755 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226487 GEN001180 SV-226487r854407_rule Medium
Description
Restricting permission on daemons will protect them from unauthorized modification and possible system compromise.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-28648r482846_chk )
Check the mode of network services daemons.
# ls -la /usr/bin /usr/sbin
If the mode of a network services daemon is more permissive than 0755, this is a finding.
NOTE: Network daemons not residing in these directories (such as httpd or sshd) must also be checked for the correct permissions.

A way to locate network daemons, such as httpd and sshd, is with the ps command.
# ps -ef | egrep '(sshd|httpd)'
Fix Text (F-28636r482847_fix)
Change the mode of the network services daemon.
# chmod 0755