Local initialization files must not have extended ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22362	GEN001890	SV-37271r1_rule	ECLP-1	Medium

Description
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2017-03-01

Details

Check Text ( C-35963r1_chk )
Check user home directories for local initialization files with extended ACLs. # cut -d : -f 6 /etc/passwd \| xargs -n1 -IDIR ls -alL DIR/.bashrc DIR/.bash_login DIR/.bash_logout DIR/.bash_profile DIR/.cshrc DIR/.kshrc DIR/.login DIR/.logout DIR/.profile DIR/.env DIR/.dtprofile DIR/.dispatch DIR/.emacs DIR/.exrc If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.

Check Text ( C-35963r1_chk )

Check user home directories for local initialization files with extended ACLs.
# cut -d : -f 6 /etc/passwd | xargs -n1 -IDIR ls -alL DIR/.bashrc DIR/.bash_login DIR/.bash_logout DIR/.bash_profile DIR/.cshrc DIR/.kshrc DIR/.login DIR/.logout DIR/.profile DIR/.env DIR/.dtprofile DIR/.dispatch DIR/.emacs DIR/.exrc
If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.

Fix Text (F-31219r1_fix)
Remove the extended ACL from the file. # setfacl --remove-all