UCF STIG Viewer Logo

All shell files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22366 GEN002230 SV-26491r1_rule ECLP-1 Medium
Description
Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-27549r1_chk )
If /etc/shells exists, check the permissions of each shell referenced.
# cat /etc/shells | xargs -n1 ls -lL

Otherwise, check any shells found on the system.
# find / -name "*sh" | xargs -n1 ls -lL

If the permissions include a "+", the file has an extended ACL, this is a finding.
Fix Text (F-23720r1_fix)
Remove the extended ACL from the file.
# getfacl [shell]
Remove each ACE returned.
# setfacl -d [ACE] [shell]