STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that local initialization files do not execute world-writable programs.

DISA Rule

SV-204478r603261_rule

Vulnerability Number

V-204478

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-020730

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Set the mode on files being executed by the local initialization files with the following command:

# chmod 0755 <file>

Check Contents

Verify that local initialization files do not execute world-writable programs.

Check the system for world-writable files with the following command:

# find / -xdev -perm -002 -type f -exec ls -ld {} \; | more

For all files listed, check for their presence in the local initialization files with the following commands:

Note: The example will be for a system that is configured to create users' home directories in the "/home" directory.

# grep <file> /home/*/.*

If any local initialization files are found to reference world-writable files, this is a finding.

Vulnerability Number

V-204478

Documentable

False

Rule Version

RHEL-07-020730

Severity Override Guidance

Verify that local initialization files do not execute world-writable programs.

Check the system for world-writable files with the following command:

# find / -xdev -perm -002 -type f -exec ls -ld {} \; | more

For all files listed, check for their presence in the local initialization files with the following commands:

Note: The example will be for a system that is configured to create users' home directories in the "/home" directory.

# grep <file> /home/*/.*

If any local initialization files are found to reference world-writable files, this is a finding.

Check Content Reference

M

Target Key

2899

Comments