All global initialization files must not have extended ACLs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22356 | GEN001730 | SV-37279r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Global initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2017-03-01 |
Details
| Check Text ( C-35970r1_chk ) |
|---|
| Check global initialization files for extended ACLs: # ls -l /etc/bashrc /etc/csh.cshrc /etc/csh.login /etc/csh.logout /etc/environment /etc/ksh.kshrc /etc/profile /etc/suid_profile /etc/profile.d/* 2>null|grep "\+ " If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding. |
| Fix Text (F-31225r1_fix) |
|---|
| Remove the extended ACL from the file. # ls -l etc/bashrc /etc/csh.cshrc /etc/csh.login /etc/csh.logout /etc/environment /etc/ksh.kshrc /etc/profile /etc/suid_profile /etc/profile.d/* 2>null|grep "\+ "|sed "s/^.* \///g"|xargs setfacl --remove-all |