GEN001810 - Skeleton files must not have extended ACLs - '/etc/security/.profile'

Information

If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.

Solution

Remove the extended ACL from the skeleton file(s) and disable extended permissions.
#acledit /etc/security/.profile
#acledit /etc/security/mkuser.sys

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-38736r1_rule, STIG-ID|GEN001810, Vuln-ID|V-22357

Plugin: Unix

Control ID: 85eaea29d685fe6f1a0c3f905424d8e6ce0d61e39bd80cfd7a72ff1ccb1077d5