← Rules Catalog
mediumfilesystemverified rollback-safe

Audit world-writable files

no-world-writable-files · RHEL ≥ 8 · 1 impl

Description

World-writable files can be modified by any user on the system and represent a security risk. Such files should be audited and permissions corrected.

Rationale

World-writable files could be modified by attackers to inject malicious code or data. Regular auditing ensures no unauthorized world-writable files exist.

Check → Remediate

Checkcommand
find / -xdev -type f -perm -0002 2>/dev/null | head -1 | grep -q . && exit 1 || exit 0
expected_exit:
0
Remediatefile_permissions
find_paths:
/
find_type:
f
find_args:
-xdev -perm -0002
mode:
o-w

Framework references

CIS

rhel8 7.1.11rhel9 7.1.11rhel10 7.1.11

NIST 800-53

AC-6CM-6AC-3MP-2

Live verification

rhel10:checkrhel8:checkrhel9:check
#permissions#world-writable#audit#security