{"description": "\nTo properly set the owner of <code>/etc/ssh/sshd_config.d</code>, run the command:\n\n  <pre>$ sudo chown root /etc/ssh/sshd_config.d </pre>\n  ", "rationale": "Service configuration files enable or disable features of their respective\nservices that if configured incorrectly can lead to insecure and vulnerable\nconfigurations. Therefore, service configuration files should be owned by the\ncorrect group to prevent unauthorized changes.", "severity": "medium", "references": {"cis-csc": ["12", "13", "14", "15", "16", "18", "3", "5"], "cobit5": ["APO01.06", "DSS05.04", "DSS05.07", "DSS06.02"], "isa-62443-2009": ["4.3.3.7.3"], "isa-62443-2013": ["SR 2.1", "SR 5.2"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nerc-cip": ["CIP-003-8 R5.1.1", "CIP-003-8 R5.3", "CIP-004-6 R2.3", "CIP-007-3 R2.1", "CIP-007-3 R2.2", "CIP-007-3 R2.3", "CIP-007-3 R5.1", "CIP-007-3 R5.1.1", "CIP-007-3 R5.1.2"], "nist": ["AC-17(a)", "CM-6(a)", "AC-6(1)"], "nist-csf": ["PR.AC-4", "PR.DS-5"], "srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "/etc/ssh/sshd_config.d directory does not have a owner owner of root", "ocil": "To check the ownership of <code>/etc/ssh/sshd_config.d</code> directory,\nrun the command:\n<pre>$ ls -ldL /etc/ssh/sshd_config.d</pre>\nIf properly configured, the output should indicate the following owner:\n<code>root</code>", "oval_external_content": null, "fixtext": " Change the owner of the directory /etc/ssh/sshd_config.d to root by running the following command:\n$ sudo chown root /etc/ssh/sshd_config.d", "checktext": "", "vuldiscussion": "", "srg_requirement": " The Ubuntu 22.04 /etc/ssh/sshd_config.d directory must be owned by root.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Verify Owner on SSH Server Configuration Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/directory_owner_sshd_config_d/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": "/etc/ssh/sshd_config.d/", "uid_or_name": "0"}, "backends": {}}}