Local initialization files must be group-owned by the user's primary group or root.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22361	GEN001870	SV-34926r1_rule	ECLP-1	Medium

Description
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.

STIG	Date
HP-UX 11.23 Security Technical Implementation Guide	2015-06-12

Details

Check Text ( C-36389r2_chk )
Check user home directories for local initialization files group-owned by a group other than the user's primary group or root. 1. List user accounts and their primary GID. # cat /etc/passwd \| cut -f 1,4 -d ":" 2. Check local initialization files for each user. Field #1 above is USER and Field #4 is the user's GID. # ls -alL ~USER/.login ~USER/.cshrc ~USER/.logout ~USER/.profile ~USER/.bash_profile ~USER/.bashrc ~USER/.bash_logout ~USER/.env ~USER/.dtprofile ~USER/.dispatch ~USER/.emacs ~USER/.exrc 3. If any file is not group-owned by root or the user's primary GID, this is a finding.

Check Text ( C-36389r2_chk )

Check user home directories for local initialization files group-owned by a group other than the user's primary group or root.

1. List user accounts and their primary GID.
# cat /etc/passwd | cut -f 1,4 -d ":"

2. Check local initialization files for each user. Field #1 above is USER and Field #4 is the user's GID.
# ls -alL ~USER/.login ~USER/.cshrc ~USER/.logout ~USER/.profile ~USER/.bash_profile ~USER/.bashrc ~USER/.bash_logout ~USER/.env ~USER/.dtprofile ~USER/.dispatch ~USER/.emacs ~USER/.exrc

3. If any file is not group-owned by root or the user's primary GID, this is a finding.

Fix Text (F-31730r1_fix)
Change the group-owner of the local initialization file to the user's primary group or root. # chgrp [USER's primary GID] ~USER/[local initialization file]