Local initialization files must not have extended ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22362	GEN001890	SV-63537r1_rule		Medium

Description
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2017-03-01

Details

Check Text ( C-52205r1_chk )
Check user home directories for local initialization files with extended ACLs. # cut -d : -f 6 /etc/passwd \| xargs -n1 -IDIR ls -alL DIR/.bashrc DIR/.bash_login DIR/.bash_logout DIR/.bash_profile DIR/.cshrc DIR/.kshrc DIR/.login DIR/.logout DIR/.profile DIR/.env DIR/.dtprofile DIR/.dispatch DIR/.emacs DIR/.exrc If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.

Check Text ( C-52205r1_chk )

Check user home directories for local initialization files with extended ACLs.
# cut -d : -f 6 /etc/passwd | xargs -n1 -IDIR ls -alL DIR/.bashrc DIR/.bash_login DIR/.bash_logout DIR/.bash_profile DIR/.cshrc DIR/.kshrc DIR/.login DIR/.logout DIR/.profile DIR/.env DIR/.dtprofile DIR/.dispatch DIR/.emacs DIR/.exrc
If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.

Fix Text (F-54149r2_fix)
Remove the extended ACL from the file. # setfacl --remove-all