Detections
Analytics
GEN001870 - Local initialization files must be group-owned by the users primary group or root.
Information
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.Solution
Change the group-owner of the local initialization file to the user's primary group, or root.# chgrp <user's primary GID> <user's local initialization file>
Procedure:
# FILES='.bashrc .bash_login .bash_logout .bash_profile .cshrc .kshrc .login .logout .profile .tcshrc .env .dtprofile .dispatch .emacs .exrc';
# for PWLINE in 'cut -d: -f4,6 /etc/passwd'; do HOMEDIR=$(echo ${PWLINE}|cut -d: -f2);GROUP=$(echo ${PWLINE} | cut -d: -f1);for INIFILE in $FILES;do MATCH=$(stat -c %g/%G:%n ${HOMEDIR}/${INIFILE} 2>null|egrep -c -v '${GROUP}');if [ $MATCH != 0 ] ; then chgrp ${GROUP} ${HOMEDIR}/${INIFILE};fi;done;done
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip
Item Details
Audit Name: DISA STIG for Oracle Linux 5 v2r1
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-6, 800-53|CM-5(6), CAT|II, CCI|CCI-000225, CCI|CCI-001499, Rule-ID|SV-218338r603259_rule, STIG-ID|GEN001870, STIG-Legacy|SV-63343, STIG-Legacy|V-22361, Vuln-ID|V-218338
Plugin: Unix
Control ID: 8ae0cd4411908d96b060b896124526ea11317c6b2c204cbe4597275a122d605b