Detections
Analytics

7.1.21 Ensure local initialization files do not execute world-writable programs

Information

Local operating system initialization files must not execute world-writable programs.

If user start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to destroy user files or otherwise compromise the system at the user level. If the system is compromised at the user level, it is easier to elevate privileges to eventually compromise the system at the root and network level.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Set the mode on files being executed by the local initialization files with the following command:

# chmod 0755 <file>

See Also

https://workbench.cisecurity.org/benchmarks/19886

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CSCv7|14.6, Rule-ID|SV-230309r627750_rule, Vuln-ID|V-230309

Plugin: Unix

Control ID: 346a4734bd4622702a21254b81f483ecdedbf1ff5f0e4b65267e99634e73ec11