Device files used for backup must only be readable and/or writable by root or the backup user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-925 | GEN002300 | SV-925r2_rule | ECCD-2 ECCD-1 | Medium |
| Description |
|---|
| System backups could be accidentally or maliciously overwritten and destroy the ability to recover the system if a compromise should occur. Unauthorized users could also copy system files. |
| STIG | Date |
|---|---|
| SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-466r2_chk ) |
|---|
| Check the system for world-writable device files. Procedure: # find / -perm -2 -a \( -type b -o -type c \) -exec ls -ld {} \; If any device file(s) used for backup are writable by users other than root, this is a finding. |
| Fix Text (F-1079r2_fix) |
|---|
| Use the chmod command to remove the world-writable bit from the backup device files. Procedure: # chmod o-w backdevicefilename Document all changes. |