{"description": "Verify that the SUSE operating system prevents unauthorized users from\naccessing system command and library files.\n\nCheck that all of the audit information files and folders have the correct\npermissions with the following command:\n<pre># sudo chkstat --warn --system</pre>\n\nSet the correct permissions with the following command:\n\n<pre># sudo chkstat --set --system</pre>", "rationale": "If the SUSE operating system were to allow any user to make changes to\nsoftware libraries, those changes might be implemented without undergoing\nthe appropriate testing and approvals that are part of a robust change\nmanagement process.\n\nThis requirement applies to SUSE operating systems with software libraries\nthat are accessible and configurable, as in the case of interpreted\nlanguages. Software libraries also include privileged programs that execute\nwith escalated privileges. Only qualified and authorized individuals must\nbe allowed to obtain access to information system components to initiate\nchanges, including upgrades and modifications.", "severity": "medium", "references": {"srg": ["SRG-OS-000259-GPOS-00100"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": "Check that all of the audit information files and folders have the correct\npermissions with the following command:\n<pre># sudo chkstat --warn --system</pre>\n\nIf you get any warnings, set the correct permissions with the following command:\n\n<pre># sudo chkstat --set --system</pre>\n\n\n- general: |-\n    This rule is deprecated in favor of the <code>SLES 12 STIG Revision v2R10</code> rule.Please consider replacing this rule in your files as it is not expected to receive\n    updates as of version <code>0.1.69</code>.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "OS commands and libraries must have the proper permissions to protect from unauthorized access", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/permissions_local/run_chkstat/rule.yml", "template": null}