GEN001820 - All skeleton files and directories (typically in /etc/skel) must be owned by root or bin - '/etc/security/.profile'

Information

If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files. Failure to give ownership of sensitive files or utilities to root or bin provides the designated owner and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.

Solution

Change the ownership of skeleton files with incorrect mode.
# chown root /etc/security/.profile /etc/security/mkuser.sys

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-38737r1_rule, STIG-ID|GEN001820, Vuln-ID|V-11984

Plugin: Unix

Control ID: 2d5d38d3467352956f9a26acda847c7cc654c81a0ce64fb5726d84c6efefcd7f