← Rules Catalog
mediumfilesystemverified rollback-safe

Ensure library directories are owned by root

library-dirs-owner · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl

Description

All shared library directories must be owned by root to prevent unauthorized modification.

Rationale

Library directories not owned by root could allow non-privileged users to add malicious libraries that are loaded by system applications.

Check → Remediate

Checkcommand
find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d 2>/dev/null | head -1
Remediatefile_permissions
find_paths:
/lib, /lib64, /usr/lib, /usr/lib64
find_type:
d
find_args:
! -user root
owner:
root

Framework references

STIG

V-281041 / RHEL-10-400120V-257922 / RHEL-09-232210V-251708V-270698 / UBTU-24-300008V-260497 / UBTU-22-232060

NIST 800-53

AC-6CM-5

Live verification

rhel8:checkubuntu22:checkubuntu24:checkubuntu26:check
#file-permissions#library-files#security