UCF STIG Viewer Logo

All shell files must have mode 0755 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-922 GEN002220 SV-38846r1_rule ECLP-1 High
Description
Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access.
STIG Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-09-18

Details

Check Text ( C-37839r1_chk )
Obtain a list of system shells from /etc/security/login.cfg and check the permissions of these shells.
Procedure:
#grep shells /etc/security/login.cfg | grep -v \* | cut -f 2 -d = | sed s/,/\ /g | xargs -n1 ls -l
If any shell has a mode more permissive than 0755, this is a finding.

Obtain a list of system shells from /etc/shells and check the ownership of these shells.
Procedure:
#cat /etc/shells | xargs -n1 ls -l

If any shell has a mode more permissive than 0755, this is a finding.
Fix Text (F-33102r1_fix)
Change the mode of the shell.
# chmod 0755 < shell >