Detections
Analytics
GEN001870 - Local initialization files must be group-owned by the user's primary group or root.
Information
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.Solution
Change the group-owner of the local initialization file to the user's primary group, or root.# chgrp <user's primary GID> <user's local initialization file>
Procedure:
# FILES='.bashrc .bash_login .bash_logout .bash_profile .cshrc .kshrc .login .logout .profile .tcshrc .env .dtprofile .dispatch .emacs .exrc';
# for PWLINE in 'cut -d: -f4,6 /etc/passwd'; do HOMEDIR=$(echo ${PWLINE}|cut -d: -f2);GROUP=$(echo ${PWLINE} | cut -d: -f1);for INIFILE in $FILES;do MATCH=$(stat -c %g/%G:%n ${HOMEDIR}/${INIFILE} 2>null|egrep -c -v '${GROUP}');if [ $MATCH != 0 ] ; then chgrp ${GROUP} ${HOMEDIR}/${INIFILE};fi;done;done
See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22361, Rule-ID|SV-37252r1_rule, STIG-ID|GEN001870, Vuln-ID|V-22361
Plugin: Unix
Control ID: 4b2bb57b167e33bd68eb95c764c0b602f28b553b2e99349eb3baa9fd8d5e276e