Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-91761 | AIX7-00-002085 | SV-101859r1_rule | Medium |
Description |
---|
System binaries are executed by privileged users as well as system services, and restrictive permissions are necessary to ensure that their execution of these programs cannot be co-opted. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2020-02-24 |
Check Text ( C-90915r3_chk ) |
---|
Check the ownership of each user's home directory listed in the "/etc/passwd file": # cut -d: -f6 /etc/passwd | xargs ls -lLd drwxr-xr-x 21 root system 4096 Jan 29 09:58 / drwxr-xr-x 4 bin bin 45056 Jan 24 12:31 /bin drwxr-xr-x 2 doejohn staff 256 Jan 25 13:18 /home/doejohn drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy drwx------ 2 root system 256 Jan 30 12:54 /root drwxrwxr-x 4 bin bin 256 Mar 23 2017 /usr/sys drwxrwxr-x 15 root adm 4096 Jan 24 12:26 /var/adm drwxr-xr-x 6 root system 4096 Jan 24 07:34 /var/adm/invscout drwxr-xr-x 8 esaadmin system 256 Jan 24 09:02 /var/esa If any user's home directory is not owned by the assigned user, this is a finding. |
Fix Text (F-97959r1_fix) |
---|
Change the owner of a user's home directory to its assigned user using command: # chown |