mediumfilesystemverified ✓rollback-safe
Ensure library directories are owned by root
library-dirs-owner · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl
Description
All shared library directories must be owned by root to prevent unauthorized modification.
Rationale
Library directories not owned by root could allow non-privileged users to add malicious libraries that are loaded by system applications.
Check → Remediate
Checkcommand
find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d 2>/dev/null | head -1
Remediatefile_permissions
- find_paths:
- /lib, /lib64, /usr/lib, /usr/lib64
- find_type:
- d
- find_args:
- ! -user root
- owner:
- root
Framework references
STIG
V-281041 / RHEL-10-400120V-257922 / RHEL-09-232210V-251708V-270698 / UBTU-24-300008V-260497 / UBTU-22-232060
NIST 800-53
AC-6CM-5
Live verification
rhel8:checkubuntu22:checkubuntu24:checkubuntu26:check
#file-permissions#library-files#security