UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All shell files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22366 GEN002230 SV-37405r1_rule ECLP-1 Medium
Description
Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2016-12-16

Details

Check Text ( C-36088r1_chk )
If /etc/shells exists, check the permissions of each shell referenced.
# cat /etc/shells | xargs -n1 ls -lL

Otherwise, check any shells found on the system.
# find / -name "*sh" | xargs -n1 ls -lL

If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.
Fix Text (F-31335r1_fix)
Remove the extended ACL from the file.
# setfacl --remove-all [shell]