STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

All SUSE operating system local initialization files must have mode 0740 or less permissive.

DISA Rule

SV-234995r622137_rule

Vulnerability Number

V-234995

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-040110

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the mode of SUSE operating system local initialization files to "0740" with the following command:

Note: The example will be for the smithj user, who has a home directory of "/home/smithj".

> sudo chmod 0740 /home/smithj/.<INIT_FILE>

Check Contents

Verify that all SUSE operating system local initialization files have a mode of "0740" or less permissive.

Check the mode on all SUSE operating system local initialization files with the following command:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

> sudo ls -al /home/smithj/.* | more
-rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
-rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
-rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something

If any local initialization files have a mode more permissive than "0740", this is a finding.

Vulnerability Number

V-234995

Documentable

False

Rule Version

SLES-15-040110

Severity Override Guidance

Verify that all SUSE operating system local initialization files have a mode of "0740" or less permissive.

Check the mode on all SUSE operating system local initialization files with the following command:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

> sudo ls -al /home/smithj/.* | more
-rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile
-rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login
-rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something

If any local initialization files have a mode more permissive than "0740", this is a finding.

Check Content Reference

M

Target Key

5274

Comments