STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

User start-up files must not execute world-writable programs.

DISA Rule

SV-226559r603265_rule

Vulnerability Number

V-226559

Group Title

SRG-OS-000480

Rule Version

GEN001940

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the world-writable permission of files referenced by local initialization scripts, or remove the references to these files in the local initialization scripts.

Check Contents

Check local initialization files for any executed world-writable programs or scripts.

Procedure:
# find / -perm -002 -type f | egrep -v '^(/proc|/system/contract)' > wwlist
# fgrep -f wwlist /<usershomedirectory>/.*

If any local initialization file executes a world-writable program or script, this is a finding.

Vulnerability Number

V-226559

Documentable

False

Rule Version

GEN001940

Severity Override Guidance

Check local initialization files for any executed world-writable programs or scripts.

Procedure:
# find / -perm -002 -type f | egrep -v '^(/proc|/system/contract)' > wwlist
# fgrep -f wwlist /<usershomedirectory>/.*

If any local initialization file executes a world-writable program or script, this is a finding.

Check Content Reference

M

Target Key

4060

Comments