BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Aasth
Quartz | Level 8

 We are seeing rapid 7 vulnerabilities on our sas servers for the following world writable files. Can the permissions of this files be changed without any impact to the services running?

 

* /sas/install/SASHome/Secure/sasexe/libccme_asym.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_base.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_base_non_fips.so (-rwxrwxrwx)

 

*/sas/install/SASHome/Secure/sasexe/libccme_ecc.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_ecc_accel_fips.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_ecc_accel_non_fips.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_ecc_non_fips.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_ecdrbg.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libccme_error_info.so (-rwxrwxrwx)

 

 * /sas/install/SASHome/Secure/sasexe/libcryptocme.so (-rwxrwxrwx)

* /sas/install/gms_install/gms8.0.1_install/Install.log (-rw-rw-rw-)

 

 * /sas/install/lsf/gms/log/gabd.log (-rw-rw-rw-)

 

 * /sas/install/lsf/gms/log/gabd.log.back (-rw-rw-rw-)

 

 * /sas/install/lsf/log/Install.log (-rw-rw-rw-)

 

 * /sas/install/lsf/log/res.log.nlr1sasdev1.abcbs.net (-rw-rw-rw-)

 

* /sas/install/pm/9.1/install/Install.log (-rw-rw-rw-)

 

 * /sas/install/pm_install/pm9.1.3.0_sas_pinstall/lsf9.1.3_lsfinstall/Install.err (-rw-rw-rw-)

 

 * /sas/install/pm_install/pm9.1.3.0_sas_pinstall/lsf9.1.3_lsfinstall/Install.log (-rw-rw-rw-)

 

 * /sas/install/pm_install/pm9.1.3.0_sas_pinstall/pm9.1.3.0_install/Install.err (-rw-rw-rw-)

 

 * /sas/install/pm_install/pm9.1.3.0_sas_pinstall/pm9.1.3.0_install/Install.log (-rw-rw-rw

 

1 ACCEPTED SOLUTION

Accepted Solutions
doug_sas
SAS Employee

libccme_* files should have 555 since they are read-only shared libraries.


Logs can have 770.

View solution in original post

4 REPLIES 4
doug_sas
SAS Employee

The libccme_* libraries can have all write bits turned off.

 

Install logs generally only need the write bit set for the user (i.e., the SAS install user or in this case the LSF/PM installer).

 

The LSF/PM operational logs need to have the user write bit set for the user running the daemon. Sometimes that is root and other times it is the primary grid administrator.

Aasth
Quartz | Level 8

Thank you for the response. In that case is 770 safe bet for all the listed files?

doug_sas
SAS Employee

libccme_* files should have 555 since they are read-only shared libraries.


Logs can have 770.

Aasth
Quartz | Level 8

Thank you!

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 1992 views
  • 0 likes
  • 2 in conversation