UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All shell files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22366 GEN002230 SV-38744r1_rule ECLP-1 Medium
Description
Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-37243r1_chk )
Check the permissions of each shell referenced in /etc/shells.
Procedure:
# cat /etc/shells

For each shell listed, run aclget
#aclget

Check the permissions of each shell referenced in /etc/security/login.cfg.
Procedure:
#grep shells /etc/security/login.cfg
For each shell listed, run aclget
# aclget

Otherwise, check any shells found on the system.
# find / -name "*sh

#aclget /

If extended permissions are enabled on any shell, this is a finding.
Fix Text (F-32458r1_fix)
Remove the extended ACL from the shell file(s) and disable extended permissions.

#acledit /