Free DISA STIG and SRG Library | Vaulted

V-22367

Audio devices must not have extended ACLs.

Finding ID
GEN002330
Rule ID
SV-38743r1_rule
Severity
Cat II
CCE
(None)
Group Title
GEN002330
CCI
CCI-000225
Target Key
(None)
Documentable
No
Discussion

File system ACLs can provide access to files beyond what is allowed by the mode numbers of the files.

Fix Text

Remove the extended ACL from the audio device file(s) and disable extended permissions. #acledit &lt;<directory>/&lt;>/<file>

Check Content

Determine the audio device files for the system. Procedure: # /usr/sbin/lsdev -C | grep -i audio #aclget /dev/*aud0 Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.

Responsibility

System Administrator

IA Controls

ECLP-1