UNCLASSIFIED - NO CUI

Skip to content

OpenSCAP Finding: Ensure No World-Writable Files Exist

When this image has been deployed to a host system, the host no longer passes the OpenSCAP rule Ensure No World-Writable Files Exist. These files need to have the world write flag removed prior to image creation.

Rule: xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable

Oval Definition ID: xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable

Affected Files:

  • /var/lib/docker/overlay2/bd9d433ecd21c83022c6fcc7b74b6f6b49d14018e393f81540696359b5481271/diff/etc/pki/ca-trust/source/anchors/Certificates_PKCS7_v5.7_DoD.pem
  • /var/lib/docker/overlay2/69263ad34c542edfc51231f0aa50ed32101491e4b26b7af311153ba4c6652140/diff/etc/nginx/nginx.conf
  • /var/lib/docker/overlay2/69263ad34c542edfc51231f0aa50ed32101491e4b26b7af311153ba4c6652140/diff/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
  • /var/lib/docker/overlay2/69263ad34c542edfc51231f0aa50ed32101491e4b26b7af311153ba4c6652140/diff/docker-entrypoint.d/30-tune-worker-processes.sh
  • /var/lib/docker/overlay2/69263ad34c542edfc51231f0aa50ed32101491e4b26b7af311153ba4c6652140/diff/docker-entrypoint.d/20-envsubst-on-templates.sh
  • /var/lib/docker/overlay2/69263ad34c542edfc51231f0aa50ed32101491e4b26b7af311153ba4c6652140/diff/docker-entrypoint.sh
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI