The Red Hat Enterprise Linux operating system must be configured so that all local initialization files for interactive users are owned by the home directory user or root.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-204474 | RHEL-07-020690 | SV-204474r603834_rule | Medium |
| Description |
|---|
| Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2022-09-12 |
Details
| Check Text ( C-4598r622297_chk ) |
|---|
| Verify the local initialization files of all local interactive users are owned by that user. Check the home directory assignment for all non-privileged users on the system with the following command: Note: The example will be for the smithj user, who has a home directory of "/home/smithj". # awk -F: '($3>=1000)&&($7 !~ /nologin/){print $1, $3, $6}' /etc/passwd smithj 1000 /home/smithj Note: This may miss interactive users that have been assigned a privileged User Identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information. Check the owner of all local interactive user's initialization files with the following command: # ls -al /home/smithj/.[^.]* | more -rwxr-xr-x 1 smithj users 896 Mar 10 2011 .profile -rwxr-xr-x 1 smithj users 497 Jan 6 2007 .login -rwxr-xr-x 1 smithj users 886 Jan 6 2007 .something If all local interactive user's initialization files are not owned by that user or root, this is a finding. |
| Fix Text (F-4598r462464_fix) |
|---|
| Set the owner of the local initialization files for interactive users to either the directory owner or root with the following command: Note: The example will be for the smithj user, who has a home directory of "/home/smithj". # chown smithj /home/smithj/.[^.]* |