Profile Applicability:
Level 1

Description:
 Files or directories without a valid owner (user) or group can cause security risks by allowing unauthorized access or privilege escalation. Such unowned or ungrouped files may result from deleted users or groups and should be identified and remediated.

Rationale:
 Removing or reassigning unowned and ungrouped files ensures consistent ownership, reduces security risks, and improves system accountability.

Impact:
 Pros:

  • Prevents unauthorized access to files with unknown ownership.

  • Enhances system security and auditing.

 Cons:

  • Reassigning ownership incorrectly could affect system operations.

Default Value:
 Unowned or ungrouped files may exist due to user/group deletions or misconfigurations.

Pre-requisites:

  • Root or sudo privileges to audit and modify file ownership.

Remediation:

Test Plan:

Using Linux command line:

  1. Find unowned files:

    find / -xdev -nouser -print

  2. Find ungrouped files:

    find / -xdev -nogroup -print

  3. Verify that no critical files appear in the results.

Implementation Plan:

Using Linux command line:

  1. Change ownership of unowned files to appropriate users:

    chown root:root /path/to/file

  2. Change group ownership of ungrouped files accordingly:

    chgrp root /path/to/file

  3. Automate periodic scanning and remediation as part of maintenance.
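
One way to automate the periodic scan from step 3, as an added example that is not part of the benchmark text. It goes beyond the single `find / -xdev` command by scanning every local filesystem and by recording the numeric UID/GID of each finding so ownership can be put back during backout. The function names, script name and report path are hypothetical, and GNU findutils and coreutils are assumed.

```shell
#!/bin/sh
# Added example: report-only scan for files whose UID or GID has no
# passwd/group entry. Assumes GNU findutils and coreutils.

# scan_tree DIR: print "UID GID PATH" for each orphaned file under DIR,
# staying on DIR's filesystem (-xdev). Numeric IDs are kept for backout.
scan_tree() {
    find "$1" -xdev \( -nouser -o -nogroup \) -printf '%U %G %p\n' 2>/dev/null
}

# local_mounts: mount points of local filesystems. "find / -xdev" alone
# skips separate /home, /var, ... partitions, so each one is scanned in turn.
# Mount points containing whitespace are not supported.
local_mounts() {
    df --local -P 2>/dev/null | awk 'NR > 1 { print $6 }'
}

# scan_all REPORT: write findings for every local filesystem to REPORT.
# Returns 0 when the report is empty, 1 when orphaned files were found.
scan_all() {
    : > "$1" || return 2
    for mp in $(local_mounts); do
        scan_tree "$mp" >> "$1" || true   # unreadable dirs must not abort the run
    done
    [ ! -s "$1" ]
}

# restore_from_report REPORT: backout helper that re-applies the numeric owner
# and group recorded by scan_all. Paths with newlines or leading/trailing
# blanks are not supported.
restore_from_report() {
    while read -r uid gid path; do
        [ -n "$path" ] || continue
        chown -h "$uid:$gid" "$path" || return 1
    done < "$1"
}

# Scheduled use: orphan-scan.sh --scan /var/log/orphan-files.txt
# (script name and report path are placeholders).
if [ "${1:-}" = "--scan" ]; then
    scan_all "${2:?report path required}"
    exit $?
fi
```

The scan only reports. Keep a copy of the report before running `chown` or `chgrp` on any listed path, since it is the record `restore_from_report` needs.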

Backout Plan:

Using Linux command line:

  1. Restore previous ownership from backups if needed.

  2. Review system functionality after changes.

References: