GEN001800 - All skeleton files (typically those in /etc/skel) must have mode 0644 or less permissive - '/etc/security/.profile'

Information

If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.

Solution

Change the mode of skeleton files with incorrect mode.
# chmod 0644 /etc/security/.profile
# chmod 0755 /etc/security/mkuser.sys

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-38735r1_rule, STIG-ID|GEN001800, Vuln-ID|V-788

Plugin: Unix

Control ID: 84fd099552bb5d357eefea9e8674e4bf9910e681dff0d0a55979f639853b45cd