Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
All shell files must not have extended ACLs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22366 | GEN002230 | SV-38744r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access. |
| STIG | Date |
|---|---|
| AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Details
| Check Text ( C-37243r1_chk ) |
|---|
| Check the permissions of each shell referenced in /etc/shells. Procedure: # cat /etc/shells For each shell listed, run aclget #aclget Check the permissions of each shell referenced in /etc/security/login.cfg. Procedure: #grep shells /etc/security/login.cfg For each shell listed, run aclget # aclget Otherwise, check any shells found on the system. # find / -name "*sh #aclget If extended permissions are enabled on any shell, this is a finding. |
| Fix Text (F-32458r1_fix) |
|---|
| Remove the extended ACL from the shell file(s) and disable extended permissions. #acledit |