{"description": "The System.map files are symbol map files generated during the compilation of the Linux\nkernel. They contain the mapping between kernel symbols and their corresponding memory\naddresses. In general, there is no need for non-root users to read these files.\n\n\nTo properly set the permissions of <code>/boot/System.map*</code>, run the command:\n<pre>$ sudo chmod 0600 /boot/System.map*</pre>", "rationale": "The purpose of <tt>System.map</tt> files is primarily for debugging and profiling the kernel.\nUnrestricted access to these files might disclose information useful to attackers and\nmalicious software leading to more sophisticated exploitation.", "severity": "low", "references": {"anssi": ["R29"]}, "control_references": {"anssi": ["R29"]}, "components": [], "identifiers": {}, "ocil_clause": "/boot/System.map* does not have unix mode -rw-------", "ocil": "To check the permissions of <code>/boot/System.map*</code>,\nrun the command:\n<pre>$ ls -l /boot/System.map*</pre>\nIf properly configured, the output should indicate the following permissions:\n<code>-rw-------</code>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Verify Permissions on System.map Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml", "template": {"name": "file_permissions", "vars": {"filepath": "/boot/", "file_regex": "^.*System\\.map.*$", "filemode": "0600", "allow_stricter_permissions": "true"}, "backends": {}}}