All global initialization file executable search paths must contain only absolute paths.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215416 | AIX7-00-003120 | SV-215416r508663_rule | Medium |
| Description |
|---|
| Failure to restrict system access to authenticated users negatively impacts operating system security. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2021-06-16 |
Details
| Check Text ( C-16614r294699_chk ) |
|---|
| Check the global initialization files' executable search paths using: # grep -i PATH /etc/profile /etc/bashrc /etc/csh.login /etc/csh.cshrc /etc/environment /etc/.login /etc/security/environ /etc/environment:PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java7_64/jre/bin:/usr/java7_64/bin /etc/environment:LOCPATH=/usr/lib/nls/loc /etc/environment:NLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.cat:/usr/lib/nls/msg/%l.%c/%N:/usr/lib/nls/msg/%l.%c/%N.cat This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is a finding. If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path, and this is a finding. |
| Fix Text (F-16612r294700_fix) |
|---|
| Edit the global initialization file(s) with "PATH" variables containing relative paths. Edit the file and remove the relative path from the PATH variable. |