STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: User start-up files must not execute world-writable programs.

DISA Rule

SV-63573r3_rule

Vulnerability Number

V-4087

Group Title

GEN001940

Rule Version

GEN001940

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the world-writable permission of files referenced by local initialization scripts, or remove the references to these files in the local initialization scripts.

Check Contents

Determine the world writable files on the system (Note: ignore all files under /proc):

# find / -perm -002 -a -type f -exec ls -ld {} \; | <more or redirect the output to a file>

# find / -perm -002 -a -type d -exec ls -ld {} \; | <more or redirect the output to a file>

View the password file to determine where the home directories for users are:

# more /etc/passwd

Once the directory for the human users is determined, grep the start-up files in the users’ home directories for references to the world-writable files and directories listed above.

An example would be:

# grep /opt/app/bin/daemon /home/*/.*

where /home is the directory for the human users on the system and /opt/app/bin/daemon is a world writable file.
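The manual check above, scripted as an added example (not part of the STIG text). It assumes home directories sit directly under one root such as /home; the function names list_world_writable and check_startup_refs are hypothetical.

```shell
#!/bin/sh
# Added example: automates the GEN001940 check (not from the STIG itself).

# list_world_writable ROOT...
# Print world-writable regular files and directories under the given roots.
# -xdev keeps find on the starting filesystem, so /proc is not traversed
# when the root is /.
list_world_writable() {
    find "$@" -xdev \( -type f -o -type d \) -perm -002 -print 2>/dev/null
}

# check_startup_refs HOME_ROOT SEARCH_ROOT...
# For every world-writable path found under SEARCH_ROOT, report each start-up
# (dot) file directly inside a home directory that references it.
# Output format: "<start-up file>: <world-writable path>"
check_startup_refs() {
    home_root=$1
    shift
    list_world_writable "$@" | while IFS= read -r ww; do
        for f in "$home_root"/*/.[!.]*; do
            # Skip directories such as .ssh and unmatched glob patterns.
            [ -f "$f" ] || continue
            # -F: treat the path as a fixed string, not a regular expression.
            if grep -qF -- "$ww" "$f"; then
                printf '%s: %s\n' "$f" "$ww"
            fi
        done
    done
}

# Typical use on a live system (run as root so every home directory is readable):
#   check_startup_refs /home /
# Any output line is a finding under this rule.
```

Matching is by fixed-string substring, as in the manual grep, so a world-writable directory such as /tmp also flags any start-up file that references a path beneath it; review those hits by hand.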

Documentable

False

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments