Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4087 | GEN001940 | SV-37433r2_rule | DCSW-1 | Medium |
Description |
---|
If start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to become trojans that destroy user files or otherwise compromise the system at the user, or higher, level. If the system is compromised at the user level, it is much easier to eventually compromise the system at the root and network level. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-03-12 |
Check Text ( C-36012r5_chk ) |
---|
Determine the world writable files on the system (Note: ignore all files under /proc): # find / -perm -002 –a –type f –exec ls –ld {} \; | # find / -perm -002 –a –type d –exec ls –ld {} \; | View the password file to determine where the home directories for users: # more /etc/passwd Once the directory for the human users is determined grep for the lists of world writable files and directories within the users’ home directories. An example would be: # grep /opt/app/bin/daemon /home/*/.* Where /home is the directory for the human users on the system and /opt/app/bin/daemon is a world writable file. |
Fix Text (F-31263r2_fix) |
---|
Remove the world-writable permission of files referenced by local initialization scripts, or remove the references to these files in the local initialization scripts. |