UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All network services daemon files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22313 GEN001190 SV-26361r1_rule ECLP-1 Medium
Description
Restricting permission on daemons will protect them from unauthorized modification and possible system compromise.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2013-01-10

Details

Check Text ( C-27463r1_chk )
Verify network services daemon files have no extended ACLs.
# ls -la /usr/sbin
# ls -la /usr/bin
If the permissions include a "+", the file has an extended ACL and this is a finding.
NOTE: Network daemons not residing in these directories (such as httpd or sshd) must also be checked for the correct permissions.

A way to locate network daemons, such as httpd and sshd, is with the ps command.
# ps -ef | egrep '(sshd|httpd)'
Fix Text (F-23544r1_fix)
Remove the extended ACL from the file.
# chmod A- [file with extended ACL]