← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-828

CAT II (Medium)

The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp.

Rule ID

SV-45813r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

Failure to give ownership of the hosts.lpd file to root, bin, sys, or lp provides the designated owner, and possible unauthorized users, with the potential to modify the hosts.lpd file. Unauthorized modifications could disrupt access to local printers from authorized remote hosts or permit unauthorized remote access to local printers.

Check Content

Check the ownership of the print service configuration file.

Procedure:
# find /etc -name hosts.lpd -print
# find /etc -name Systems –print
# find /etc –name printers.conf -print  

If no print service configuration file is found, this is not applicable.

Check the ownership of the print service configuration file(s).

# ls –lL <print service file>

If the owner of the file is not root, this is a finding.

Fix Text

Change the owner of the /etc/hosts.lpd (or equivalent, such as /etc/lp/Systems) to root.

Procedure:
# chown root <print service file>