STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory.

DISA Rule

SV-217176r603262_rule

Vulnerability Number

V-217176

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010770

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the SUSE operating system local interactive user initialization files to change any PATH variable statements for executables that reference directories other than their home directory. If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.

Check Contents

Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.

Check the executable search path statement for all operating system local interactive user initialization files in the users' home directory with the following commands:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

# sudo grep -i path /home/smithj/.*
/home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
/home/smithj/.bash_profile:export PATH

If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Vulnerability Number

V-217176

Documentable

False

Rule Version

SLES-12-010770

Severity Override Guidance

Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.

Check the executable search path statement for all operating system local interactive user initialization files in the users' home directory with the following commands:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

# sudo grep -i path /home/smithj/.*
/home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
/home/smithj/.bash_profile:export PATH

If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Check Content Reference

M

Target Key

4033

Comments