Suspicious file ownership breaks CIS hardening rule
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
EasyRSA Charm | New | Undecided | Unassigned | |
Bug Description
When trying to perform CIS hardening level1 on the unit, the hardening fails because of the rule `xccdf_
- Rule name:
"Ensure All Files Are Owned by a User"
- Rule description:
"If any files are not owned by a user, then the cause of their lack of ownership should be investigated. Following this, the files should be deleted or assigned to an appropriate user. The following command will discover and print any files on local partitions which do not belong to a valid user:
$ df --local -P | awk {'if (NR!=1) print $6'} | sudo xargs -I '{}' find '{}' -xdev -nouser
To search all filesystems on a system including network mounted filesystems the following command can be run manually for each partition:
$ sudo find PARTITION -xdev -nouser"
Indeed, some files are owned by the "staff" user.
```
ubuntu@
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/
ubuntu@
total 104
drwxrwxr-x 5 501 staff 4096 Apr 6 10:22 ./
drwxr-xr-x 12 root root 4096 Apr 6 11:55 ../
-rw-rw-r-- 1 501 staff 1270 Sep 2 2015 COPYING
-rw-rw-r-- 1 501 staff 2415 Sep 2 2015 ChangeLog
-rw-rw-r-- 1 501 staff 3350 Sep 2 2015 README.
drwxrwxr-x 2 501 staff 4096 Apr 6 10:22 doc/
-rwxrwxr-x 1 501 staff 34910 Sep 9 2015 easyrsa*
-rw-rw-r-- 1 501 staff 18093 Sep 2 2015 gpl-2.0.txt
-rw-rw-r-- 1 501 staff 4583 Apr 6 10:22 openssl-1.0.cnf
drwx------ 6 root root 4096 Apr 6 10:27 pki/
-rw-rw-r-- 1 501 staff 8126 Sep 2 2015 vars.example
drwxrwxr-x 2 501 staff 4096 Sep 2 2015 x509-types/
```
Questions:
- What is this staff ownership?
- Can we apply a remediation by changing ownership to root?
Attached usg report where rule is failing.
Environment:
- LXD-based
- Single unit
- easyrsa: 3.0.1
- channel: latest/stable
- revision: 55
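
To scope the rule's `find ... -xdev -nouser` check to a single directory tree and see which numeric uids are behind the findings, the following added example (not part of the bug report or of the charm) groups unowned paths by uid. The names `find_unowned` and `uid_has_passwd_entry` are hypothetical, and the directory to scan is supplied by the operator.

```python
import os
import pwd
import sys
from collections import defaultdict


def uid_has_passwd_entry(uid):
    """True if the numeric uid resolves to an account (what -nouser tests)."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def find_unowned(root, uid_known=uid_has_passwd_entry):
    """Map each unresolvable uid to the paths it owns under root.

    Mirrors `find root -xdev -nouser`: symlinks are judged by their own
    owner (lstat) and other filesystems mounted below root are not entered.
    """
    root_dev = os.lstat(root).st_dev
    verdict = {}                      # uid -> bool, one lookup per uid
    hits = defaultdict(list)

    def check(path):
        st = os.lstat(path)
        if st.st_uid not in verdict:
            verdict[st.st_uid] = uid_known(st.st_uid)
        if not verdict[st.st_uid]:
            hits[st.st_uid].append(path)
        return st

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        # Report a mount point itself but do not descend into it (-xdev).
        dirnames[:] = [d for d in dirnames
                       if check(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            check(os.path.join(dirpath, name))
    return dict(hits)


if __name__ == "__main__":
    # Directory to scan comes from the command line (assumption: default ".").
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for uid, paths in sorted(find_unowned(target).items()):
        print(f"uid {uid}: {len(paths)} path(s) with no passwd entry")
        for p in sorted(paths):
            print(f"  {p}")
```

A single uid accounting for every finding under one directory, as with 501 in the listing above, indicates that the numeric owner was carried over when the files were installed and has no matching account on the unit.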