UCF STIG Viewer Logo

The Photon operating system must protect all sysctl configuration files from unauthorized access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239191 PHTN-67-000120 SV-239191r675381_rule Medium
Description
The sysctl configuration file specifies values for kernel parameters to be set on boot. Incorrect or malicious configuration of these parameters can have a negative effect on system security.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-42402r675379_chk )
At the command line, execute the following command:

# find /etc/sysctl.conf /etc/sysctl.d/* -xdev -type f -a '(' -not -perm 600 -o -not -user root -o -not -group root ')' -exec ls -ld {} \;

If any files are returned, this is a finding.
Fix Text (F-42361r675380_fix)
At the command line, execute the following commands for each returned file:

# chmod 600
# chown root:root