{"description": "<pre>/bin\n/sbin\n/usr/bin\n/usr/sbin\n/usr/local/bin\n/usr/local/sbin</pre>\nAll these directories should be owned by the <tt>root</tt> user.\nIf any directory <i>DIR</i> in these directories is found\nto be owned by a user other than root, correct its ownership with the\nfollowing command:\n<pre>$ sudo chown root <i>DIR</i></pre>", "rationale": "System binaries are executed by privileged users as well as system services,\nand restrictive permissions are necessary to ensure that their\nexecution of these programs cannot be co-opted.", "severity": "medium", "references": {"srg": ["SRG-OS-000258-GPOS-00099"], "stigid": ["UBTU-22-232040"], "stigref": ["SV-260493r991559_rule"]}, "control_references": {"stigid": ["UBTU-22-232040"]}, "components": [], "identifiers": {}, "ocil_clause": "any system executables directories are found to not be owned by root", "ocil": "System executables are stored in the following directories by default:\n<pre>/bin\n/sbin\n/usr/bin\n/usr/local/bin\n/usr/local/sbin\n/usr/sbin</pre>\nFor each of these directories, run the following command to find files\nnot owned by root:\n<pre>$ sudo find -L <i>DIR/</i> ! -user root -type d -exec chown root {} \\;</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Verify that System Executable Have Root Ownership", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_binary_dirs/rule.yml", "template": {"name": "file_owner", "vars": {"filepath": ["/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/"], "recursive": "true", "uid_or_name": "0"}, "backends": {}}}