Information
The user configuration files in each home directory e.g. $HOME/.profile must not be group or world writable.
Group or world-writable user configuration files may enable malicious users to steal or modify other user's data, or to gain elevated privileges.
Solution
Search and remediate any user configuration files which have group or world writable access:
lsuser -a home ALL |cut -f2 -d= |egrep -v "^/$|/etc|/bin|/var|/usr|/usr/sys" |while read homedir;
do
if [[ -d ${homedir} ]];
then
echo "Removing 'go-w' from all user confguration files in '${homedir}'"
ls -a ${homedir} |egrep "^.[a-z]" |while read file;
do
if [[ -f "${homedir}/${file}" ]];
then
echo "Running 'chmod go-w' on '${homedir}/${file}'"
chmod go-w "${homedir}/${file}"
fi
done
else
echo "ERROR - no home directory for '${homedir}'"
fi
done
NOTE: The permission change is automatically applied