STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: All local initialization files' executable search paths must contain only absolute paths.

DISA Rule

SV-12487r4_rule

Vulnerability Number

V-11986

Group Title

GEN001900

Rule Version

GEN001900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the local initialization file(s) and remove the relative path entry from the PATH variable.

Check Contents

NOTE: The following must be done in the BASH shell.

Examine the PATH variable contained in any user's local initialization files to ensure the use of only absolute paths, using a command shell that supports the use of ~USER as USER's home directory.

# cat /etc/passwd | cut -f 1,1 -d ":" | xargs -n1 -IUSER sh -c 'grep -i PATH ~USER/.*'

The PATH variable is a colon-delimited directory list.

If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is a finding.

If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path and this is a finding.

Vulnerability Number

V-11986

Documentable

False

Rule Version

GEN001900

Severity Override Guidance

NOTE: The following must be done in the BASH shell.

Examine the PATH variable contained in any user's local initialization files to ensure the use of only absolute paths, using a command shell that supports the use of ~USER as USER's home directory.

# cat /etc/passwd | cut -f 1,1 -d ":" | xargs -n1 -IUSER sh -c 'grep -i PATH ~USER/.*'

The PATH variable is a colon-delimited directory list.

If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is a finding.

If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path and this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments