Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-922 | GEN002220 | SV-38846r1_rule | ECLP-1 | High |
Description |
---|
Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access. |
STIG | Date |
---|---|
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Check Text ( C-37839r1_chk ) |
---|
Obtain a list of system shells from /etc/security/login.cfg and check the permissions of these shells. Procedure: #grep shells /etc/security/login.cfg | grep -v \* | cut -f 2 -d = | sed s/,/\ /g | xargs -n1 ls -l If any shell has a mode more permissive than 0755, this is a finding. Obtain a list of system shells from /etc/shells and check the ownership of these shells. Procedure: #cat /etc/shells | xargs -n1 ls -l If any shell has a mode more permissive than 0755, this is a finding. |
Fix Text (F-33102r1_fix) |
---|
Change the mode of the shell. # chmod 0755 < shell > |