UCF STIG Viewer Logo

All manual page files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22316 GEN001290 SV-26372r1_rule ECLP-1 Low
Description
If manual pages are compromised, misleading information could be inserted, causing actions that may compromise the system.
STIG Date
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-38713r1_chk )
Verify all manual page files have no extended ACLs. Check environment variable $MANPATH for full list of manpage locations.
# echo $MANPATH
Check for ACLs, note only a partial list is presented below.
# ls -lLR /usr/share/man /usr/sfw/man /usr/sfw/share/man

If the permissions include a "+", the file has an extended ACL and this is a finding.
Fix Text (F-23566r1_fix)
Remove the extended ACL from the file.
# getfacl [file with extended ACL]
Remove each ACE returned.
# setfacl -d [ACE] [file with extended ACL]