documentation_complete: true


title: 'OS commands and libraries must have the proper permissions to protect from unauthorized access'

description: |-
    Verify that the SUSE operating system prevents unauthorized users from
    accessing system command and library files.

    Check that all of the audit information files and folders have the correct
    permissions with the following command:
    <pre># sudo chkstat --warn --system</pre>

    Set the correct permissions with the following command:

    <pre># sudo chkstat --set --system</pre>

rationale: |-
    If the SUSE operating system were to allow any user to make changes to
    software libraries, those changes might be implemented without undergoing
    the appropriate testing and approvals that are part of a robust change
    management process.

    This requirement applies to SUSE operating systems with software libraries
    that are accessible and configurable, as in the case of interpreted
    languages. Software libraries also include privileged programs that execute
    with escalated privileges. Only qualified and authorized individuals must
    be allowed to obtain access to information system components to initiate
    changes, including upgrades and modifications.

severity: medium

identifiers:
    cce@sle12: CCE-83111-5

references:
    nist@sle12: CM-5(6)
    srg: SRG-OS-000259-GPOS-00100
    stigid@sle12: SLES-12-010880

ocil: |-
    Check that all of the audit information files and folders have the correct
    permissions with the following command:
    <pre># sudo chkstat --warn --system</pre>

    If you get any warnings, set the correct permissions with the following command:

    <pre># sudo chkstat --set --system</pre>

{{{ warning_rule_deprecated_by("SLES 12 STIG Revision v2R10", release='0.1.69') | indent(4) }}}