{"description": "System commands files are stored in the following directories by default:\n<pre>/bin\n/sbin\n/usr/bin\n/usr/sbin\n/usr/local/bin\n/usr/local/sbin\n</pre>\nAll these directories should be owned by the <tt>root</tt> group.\nIf the directory is found to be owned by a group other than root correct\nits ownership with the following command:\n<pre>$ sudo chgrp root <i>DIR</i></pre>", "rationale": "If the operating system allows any user to make changes to software\nlibraries, then those changes might be implemented without undergoing the\nappropriate testing and approvals that are part of a robust change management\nprocess.\nThis requirement applies to operating systems with software libraries\nthat are accessible and configurable, as in the case of interpreted languages.\nSoftware libraries also include privileged programs which execute with\nescalated privileges. Only qualified and authorized individuals must be\nallowed to obtain access to information system components for purposes\nof initiating changes, including upgrades and modifications.", "severity": "medium", "references": {"srg": ["SRG-OS-000258-GPOS-00099"], "stigid": ["UBTU-22-232045"], "stigref": ["SV-260494r991559_rule"]}, "control_references": {"stigid": ["UBTU-22-232045"]}, "components": [], "identifiers": {}, "ocil_clause": "any of these directories are not owned by root group", "ocil": "System commands are stored in the following directories:\n<pre>/bin\n/sbin\n/usr/bin\n/usr/sbin\n/usr/local/bin\n/usr/local/sbin</pre>\nFor each of these directories, run the following command to find files not\nowned by root group:\n<pre>$ sudo find -L <i>$DIR</i> ! -group root -type d \\;</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Verify that system commands directories are group owned by root", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_groupownership_binary_dirs/rule.yml", "template": {"name": "file_groupowner", "vars": {"filepath": ["/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/"], "recursive": "true", "gid_or_name": "0"}, "backends": {}}}