Vulnerability findings - writable files exist on harvest broker server

book

Article ID: 223348

calendar_today

Updated On:

Products

CA Harvest Software Change Manager

Issue/Introduction

Our security team performed vulnerability scan and report shows “World writable files exist” related findings on our Harvest broker server - 

"World writable files were found on the system. A file that can be written by any user on the system could be a serious security flaw."

All listed files came from installation in folders $RTHOME/bin, $RTHOME/bin/i86_64_linux24, $RTHOME/lib/i86_64_linux24.  Do they require world-writable permissions to perform correctly? Please let me know what options do we have.

Environment

Release : 13.0.3

Component : CA HARVEST SCM INFRASTRUCTURE (BROKER/AGENT/PEC/SECURITY

Resolution

We have not found any issues with making the files in those folders read-only.  If you change the permission level to “700” would that help to clear the vulnerability exceptions.