{"description": "The System.map files are symbol map files generated during the compilation of the Linux\nkernel. They contain the mapping between kernel symbols and their corresponding memory\naddresses. These files must be owned by root.\n\n\nTo properly set the owner of <code>/boot/System.map*</code>, run the command:\n\n  <pre>$ sudo chown root /boot/System.map* </pre>\n  ", "rationale": "The purpose of <tt>System.map</tt> files is primarily for debugging and profiling the kernel.\nUnrestricted access to these files might disclose information useful to attackers and\nmalicious software leading to more sophisticated exploitation.", "severity": "low", "references": {"anssi": ["R29"]}, "control_references": {"anssi": ["R29"]}, "components": [], "identifiers": {}, "ocil_clause": "/boot/System.map* does not have an owner of root", "ocil": "To check the ownership of <code>/boot/System.map*</code>,\nrun the command:\n<pre>$ ls -lL /boot/System.map*</pre>\nIf properly configured, the output should indicate the following owner:\n<code>root</code>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Verify User Who Owns System.map Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": "/boot/", "file_regex": "^.*System\\.map.*$", "uid_or_name": "0"}, "backends": {}}}