UCF STIG Viewer Logo

Device files used for backup must only be readable and/or writable by root or the backup user.


Overview

Finding ID Version Rule ID IA Controls Severity
V-925 GEN002300 SV-45178r1_rule Medium
Description
System backups could be accidentally or maliciously overwritten and destroy the ability to recover the system if a compromise should occur. Unauthorized users could also copy system files.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text ( C-42523r1_chk )
Check the system for world-writable device files.

Procedure:
# find / -perm -2 -a \( -type b -o -type c \) -exec ls -ld {} \;

If any device file(s) used for backup are writable by users other than root, this is a finding.
Fix Text (F-38576r1_fix)
Use the chmod command to remove the world-writable bit from the backup device files.

Procedure:
# chmod o-w

Document all changes.