GEN001880 - All local initialization files must have mode 0740 or less permissive - '~/.bash_logout'

Information

Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.

Solution

Ensure user startup files have permissions of 0740 or more restrictive. Examine each user's home directory and verify all file names beginning with '.' have access permissions of 0740 or more restrictive. If they do not, use the chmod command to correct the vulnerability.

Procedure:
# chmod 0740 .filename

NOTE: The period is part of the file name and is required.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-905, Rule-ID|SV-905r2_rule, STIG-ID|GEN001880, Vuln-ID|V-905

Plugin: Unix

Control ID: 07d2a452fa23b1378235aefdb45ecd1d409bd420deefca0f125fa359daf7994e