STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Nutanix Acropolis GPOS Security Technical Implementation Guide

V-279624

CAT II (Medium)

Operating systems must prevent unauthorized and unintended information transfer via shared system resources.

Rule ID

SV-279624r1192609_rule

STIG

Nutanix Acropolis GPOS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001090

Discussion

Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection. This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DOD or other government agencies. There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.

Check Content

1. For AOS, Prism Central, and Files, verify Nutanix OS provides that all public directories are owned by root using the following command.

$ sudo find / -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp

2. Verify AHV is configured so all public directories are owned by root (or a system account) and all world-writable directories have the sticky bit set using the following command.

$ sudo find / -type d -perm -0002 -exec ls -lLd {} \;
drwxrwxrwt. 2 root root 40 Jun  4 15:21 /dev/mqueue
drwxrwxrwt. 2 root root 40 Jun  4 15:21 /dev/shm
drwxrwxrwt. 7 root root 4096 Jul 28 15:37 /tmp

$ sudo find / -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp

If any of the public directories are not owned by root (or a system account) or are not world-writable and do not have the sticky bit set, this is a finding.

Fix Text

1. For AOS, Prism Central, and Files, note that the Nutanix OS is designed and engineered to have all world-writable directories set correctly with the sticky bit set. If the package is missing or not active and running, then some corruption has occurred and the OS must be rebuilt.

2. For AHV, configure all public directories to be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources. Set the owner of all public directories as root or a system account by replacing "[Public Directory]" with any directory path not owned by root or a system account.

Set the sticky bit on all world-writable directories by replacing "[World-Writable Directory]" with any directory path missing the sticky bit.

Example command:

$ sudo chown root [Public Directory]
$ sudo chmod 1777 [World-Writable Directory]