RHEL-10-400335 - RHEL 10 must enforce that all local initialization files configured by systemd-tmpfiles have mode "0600" or less permissive.

Information

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Solution

Configure RHEL 10 to enforce that all local initialization files configured by systemd-tmpfiles have mode "0600" or less permissive.

Ensure the following lines are in a ".conf" file under "/etc/tmpfiles.d/":

C /root/.bash_logout 600 root root - /usr/share/rootfiles/.bash_logout
C /root/.bash_profile 600 root root - /usr/share/rootfiles/.bash_profile
C /root/.bashrc 600 root root - /usr/share/rootfiles/.bashrc
C /root/.cshrc 600 root root - /usr/share/rootfiles/.cshrc
C /root/.tcshrc 600 root root - /usr/share/rootfiles/.tcshrc
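
One way to verify the entries above, as an added example that is not part of the STIG or of any Red Hat tooling: the function name check_tmpfiles_modes and the OK/FAIL/MISSING/BADMODE labels are hypothetical, and the demo config is constructed. It reports required paths with no "C" entry and any entry whose mode sets a bit outside 0600.

```shell
#!/bin/sh
# Added example: audit tmpfiles.d "C" (copy) entries for root's init files.
# Line format: Type Path Mode User Group Age Argument

REQUIRED="/root/.bash_logout /root/.bash_profile /root/.bashrc /root/.cshrc /root/.tcshrc"

# check_tmpfiles_modes DIR
# Prints one finding per entry; returns 0 only if every required path has
# a C entry and no entry sets a mode bit outside 0600.
check_tmpfiles_modes() {
    dir=$1; rc=0
    for f in $REQUIRED; do
        # Mode field of every C-type line for this path (comment lines never match).
        modes=$(cat "$dir"/*.conf 2>/dev/null |
            awk -v p="$f" '$1 ~ /^C/ && $2 == p { print $3 }')
        if [ -z "$modes" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        for m in $modes; do
            m=${m#[:~]}                      # drop tmpfiles.d mode prefixes
            case $m in
                ''|*[!0-7]*) echo "BADMODE $f $m"; rc=1; continue ;;
            esac
            # Any bit outside 0600 makes the file more permissive than allowed.
            if [ $(( 0$m & ~0600 & 07777 )) -ne 0 ]; then
                echo "FAIL $f $m"; rc=1
            else
                echo "OK $f $m"
            fi
        done
    done
    return $rc
}

# Demo on a constructed config: one entry is weakened to 644, one is absent.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/rootfiles.conf" <<'EOF'
C /root/.bash_logout 600 root root - /usr/share/rootfiles/.bash_logout
C /root/.bash_profile 600 root root - /usr/share/rootfiles/.bash_profile
C /root/.bashrc 644 root root - /usr/share/rootfiles/.bashrc
C /root/.cshrc 600 root root - /usr/share/rootfiles/.cshrc
EOF
    check_tmpfiles_modes "$tmp" || echo "result: non-compliant"
    rm -rf "$tmp"
}
demo
```

On a live system, call it as check_tmpfiles_modes /etc/tmpfiles.d; a mode of "-" is reported as BADMODE because the control expects an explicit mode.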

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip