1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
documentation_complete: true
title: 'Verify Group Who Owns SSH Server config file'
description: |-
{{{ describe_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}
rationale: |-
Service configuration files enable or disable features of their respective
services that if configured incorrectly can lead to insecure and vulnerable
configurations. Therefore, service configuration files should be owned by the
correct group to prevent unauthorized changes.
severity: medium
identifiers:
cce@rhel8: CCE-82901-0
cce@rhel9: CCE-90817-8
cce@rhel10: CCE-86992-5
cce@sle12: CCE-92276-5
cce@sle15: CCE-91392-1
cce@slmicro5: CCE-93889-4
references:
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 5.2.1
cis@sle15: 5.2.1
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
isa-62443-2009: 4.3.3.7.3
isa-62443-2013: 'SR 2.1,SR 5.2'
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}'
ocil: |-
{{{ ocil_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}
fixtext: '{{{ fixtext_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}'
srg_requirement: '{{{ srg_requirement_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}'
template:
name: file_groupowner
vars:
filepath: /etc/ssh/sshd_config
gid_or_name: '0'
|
