
All skeleton files (typically those in /etc/skel) must have mode 0644 or less permissive.


Overview

Finding ID: V-788
Version: GEN001800
Rule ID: SV-38735r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.
STIG: AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2018-09-18

Details

Check Text (C-37165r1_chk)
Check skeleton file permissions.

Procedure:
# ls -l /etc/security/.profile

If a skeleton file has a mode more permissive than 0644, this is a finding.

Check the mkuser.sys file. /etc/security/mkuser.sys is a script containing items used in the creation of users' ~/.profile files. This script must be protected from unauthorized modification, but it must also be executable; therefore, its permissions need to be mode 755.
# ls -l /etc/security/mkuser.sys

If the mkuser.sys file has a mode more permissive than 0755, this is a finding.

Fix Text (F-32450r1_fix)
Change the mode of any skeleton file with an incorrect mode.
# chmod 0644 /etc/security/.profile
# chmod 0755 /etc/security/mkuser.sys
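
An added example, not part of the STIG text: "more permissive than" is a bitwise test rather than a numeric one (mode 0470 is numerically below 0644 yet grants group write and execute), so this sketch flags any permission bit set beyond the allowed maximum. The function names are hypothetical, and the mode is parsed from `ls -ld` output, as in the check procedure, using only POSIX utilities.

```shell
#!/bin/sh
# Added example (not STIG text): bitwise "more permissive than" check.

# Convert the permission string printed by `ls -l` (e.g. -rw-r--r--)
# to an octal mode, including setuid/setgid/sticky letters.
ls_mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    mode=0; special=0; i=1
    while [ "$i" -le 9 ]; do
        c=$(printf '%s' "$perms" | cut -c"$i")
        bit=$(( 1 << (9 - i) ))
        case "$c" in
            r|w|x) mode=$(( mode | bit )) ;;
            # s/t: execute bit plus the special bit for that triplet
            s|t)   mode=$(( mode | bit ))
                   special=$(( special | (04000 >> (i / 3 - 1)) )) ;;
            # S/T: special bit set, execute bit clear
            S|T)   special=$(( special | (04000 >> (i / 3 - 1)) )) ;;
        esac
        i=$(( i + 1 ))
    done
    printf '%o\n' "$(( mode | special ))"
}

# Succeed (return 0) when mode $1 sets any bit that maximum $2 does not.
more_permissive() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# Report a finding when file $1 exceeds maximum mode $2.
check_file() {
    perm_str=$(ls -ld "$1" | cut -c1-10)
    actual=$(ls_mode_to_octal "$perm_str")
    if more_permissive "$actual" "$2"; then
        echo "FINDING: $1 has mode $actual, maximum allowed is $2"
        return 1
    fi
    echo "OK: $1 has mode $actual"
}

# Usage on the paths named in the check text:
#   check_file /etc/security/.profile 644
#   check_file /etc/security/mkuser.sys 755
```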