← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282670

CAT II (Medium)

All TOSS 5 local files and directories must have a valid group owner.

Rule ID

SV-282670r1200990_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.

Check Content

Verify all local files and directories on TOSS 5 have a valid group using the following command:

$ df --local -P | awk {'if (NR!=1) print $6'} | sudo xargs -I '{}' find '{}' -xdev -nogroup

If any files on the system do not have an assigned group, this is a finding.

Fix Text

Either remove all files and directories from TOSS 5 that do not have a valid group, or assign a valid group to all files and directories on the system with the "chgrp" command:

$ sudo chgrp <group> <file>