dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
27 lines
797 B
ReStructuredText
27 lines
797 B
ReStructuredText
---
|
|
id: V-71849
|
|
status: opt-in
|
|
tag: file_perms
|
|
---
|
|
|
|
.. note::
|
|
|
|
Ubuntu's ``debsums`` command does not support verification of permissions
|
|
and ownership for files that were installed by packages. This STIG
|
|
requirement will be skipped on Ubuntu.
|
|
|
|
The STIG requires that all files owned by an installed package must have their
|
|
permissions, user ownership, and group ownership set back to the vendor
|
|
defaults.
|
|
|
|
Although this is a good practice, it can cause issues if permissions or
|
|
ownership were intentionally set after the packages were installed. It also
|
|
causes significant delays in deployments. Therefore, this STIG is not applied
|
|
by default.
|
|
|
|
Deployers may opt in for the change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_reset_perm_ownership: yes
|