UCF STIG Viewer Logo

All run control scripts must have no extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22353 GEN001590 SV-26459r1_rule ECLP-1 Medium
Description
If the startup files are writable by other users, they could modify the startup files to insert malicious commands into the startup files.
STIG Date
Solaris 9 X86 Security Technical Implementation Guide 2013-07-02

Details

Check Text ( C-27524r1_chk )
Verify run control scripts have no extended ACLs.
# ls -lL /etc/rc* /etc/init.d
If the permissions include a "+", the file has an extended ACL and this is a finding.
Fix Text (F-23651r1_fix)
Remove the extended ACL from the file.
# getfacl [run control script with extended ACL]
Remove each ACE returned.
# setfacl -d [ACE] [run control script with extended ACL]