STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Local initialization files must be group-owned by the user's primary group or root.

DISA Rule

SV-220088r603266_rule

Vulnerability Number

V-220088

Group Title

SRG-OS-000480

Rule Version

GEN001870

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group-owner of the local initialization file to the user's primary group, or root.
# chgrp [USER's primary GID] ~USER/[local initialization file]

Check Contents

Check user home directories for local initialization files group-owned by a group other than the user's primary group or root.
1. List user accounts and their primary GID.
# cut -d : -f 1,4 /etc/passwd

2. Check local initialization files for each user.
# ls -al /<usershomedirectory>/.login
# ls -al /<usershomedirectory>/.cshrc
# ls -al /<usershomedirectory>/.logout
# ls -al /<usershomedirectory>/.profile
# ls -al /<usershomedirectory>/.bash_profile
# ls -al /<usershomedirectory>/.bashrc
# ls -al /<usershomedirectory>/.bash_logout
# ls -al /<usershomedirectory>/.env
# ls -al /<usershomedirectory>/.dtprofile
# ls -al /<usershomedirectory>/.dispatch
# ls -al /<usershomedirectory>/.emacs
# ls -al /<usershomedirectory>/.exrc
# find /<usershomedirectory>/.dt ! -fstype nfs ! -group <primary_group> -exec ls -ld {} \;

3. If any file is not group-owned by root or the user's primary GID, this is a finding.

Vulnerability Number

V-220088

Documentable

False

Rule Version

GEN001870

Severity Override Guidance

Check user home directories for local initialization files group-owned by a group other than the user's primary group or root.
1. List user accounts and their primary GID.
# cut -d : -f 1,4 /etc/passwd

2. Check local initialization files for each user.
# ls -al /<usershomedirectory>/.login
# ls -al /<usershomedirectory>/.cshrc
# ls -al /<usershomedirectory>/.logout
# ls -al /<usershomedirectory>/.profile
# ls -al /<usershomedirectory>/.bash_profile
# ls -al /<usershomedirectory>/.bashrc
# ls -al /<usershomedirectory>/.bash_logout
# ls -al /<usershomedirectory>/.env
# ls -al /<usershomedirectory>/.dtprofile
# ls -al /<usershomedirectory>/.dispatch
# ls -al /<usershomedirectory>/.emacs
# ls -al /<usershomedirectory>/.exrc
# find /<usershomedirectory>/.dt ! -fstype nfs ! -group <primary_group> -exec ls -ld {} \;

3. If any file is not group-owned by root or the user's primary GID, this is a finding.

Check Content Reference

M

Target Key

4061

Comments