Device files and directories must only be writable by users with a system account or as configured by the vendor.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-924	GEN002280	SV-45177r1_rule		Medium

Description
System device files in writable directories could be modified, removed, or used by an unprivileged user to control system hardware.

STIG	Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide	2018-09-19

Details

Check Text ( C-42522r1_chk )
Find all world-writable device files existing anywhere on the system. Procedure: # find / -perm -2 -a \( -type b -o -type c \) > devicelist Check the permissions on the directories above subdirectories containing device files. If any of the device files or their parent directories are world-writable, excepting device files specifically intended to be world-writable such as /dev/null, this is a finding.

Check Text ( C-42522r1_chk )

Find all world-writable device files existing anywhere on the system.

Procedure:
# find / -perm -2 -a \( -type b -o -type c \) > devicelist
Check the permissions on the directories above subdirectories containing device files. If any of the device files or their parent directories are world-writable, excepting device files specifically intended to be world-writable such as /dev/null, this is a finding.

Fix Text (F-38575r1_fix)
Remove the world-writable permission from the device file(s). Procedure: # chmod o-w Document all changes.