Hidden extended file attributes must not exist on the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-12032 | GEN000000-SOL00420 | SV-12533r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Solaris extended attributes are essentially files themselves that are of an arbitrary size and content. They could be used to hide files from ordinary system file scans. |
| STIG | Date |
|---|---|
| SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-7995r2_chk ) |
|---|
| Search for all files with hidden extended attributes. # find / -xattr -print -exec runat {} ls -al \; If hidden extended file attributes exist, this is a finding. |
| Fix Text (F-11289r2_fix) |
|---|
| Remove the hidden extended file attributes. # runat |