SV-215193r508663_rule
V-215193
SRG-OS-000480-GPOS-00227
AIX7-00-001034
CAT II
10
For each world-writable path in root's executable search path, perform one of the following.
Remove the world-writable permission on the directory.
Run command:
# chmod o-w <path>
-OR-
Remove the world-writable directory from the executable search path. Identify and edit the initialization file referencing the world-writable directory and remove it from the PATH variable.
Check for world-writable permissions on all directories in the root user's executable search path:
# ls -ld `echo $PATH | sed "s/:/ /g"`
drwxr-xr-x 33 root system 8192 Nov 29 14:45 /etc
drwxr-xr-x 3 bin bin 256 Aug 11 2017 /sbin
drwxr-xr-x 4 bin bin 45056 Oct 31 12:59 /usr/bin
drwxr-xr-x 1 bin bin 16 Aug 11 2017 /usr/bin/X11
drwxr-xr-x 2 bin bin 4096 Aug 11 2017 /usr/java7_64/bin
drwxr-xr-x 4 bin bin 4096 Feb 17 2017 /usr/java7_64/jre/bin
drwxr-xr-x 8 bin bin 49152 Oct 31 12:59 /usr/sbin
drwxrwxr-x 2 bin bin 4096 Aug 11 2017 /usr/ucb
If any of the directories in the "PATH" variable are world-writable, this is a finding.
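The check above, as an added example that is not part of the STIG text: a POSIX sh function (the name world_writable_path_dirs is hypothetical) that tests each PATH element separately. Unlike the one-line ls, it follows symbolic links to the real directory, treats an empty PATH element as the current directory, and prints only the entries that are world-writable.

```shell
#!/bin/sh
# Added example, not from the STIG. Function name is hypothetical.
# Prints each world-writable directory named in a PATH-style string.
world_writable_path_dirs() {
    path_string=$1

    # An empty element (leading, trailing or doubled colon) is searched
    # as the current directory, so make it explicit before splitting.
    case ":$path_string:" in
        *::*) path_string="$path_string:." ;;
    esac

    # Split on ':' only, with globbing off so '*' in a name stays literal.
    old_ifs=$IFS
    IFS=:
    set -f
    set -- $path_string
    set +f
    IFS=$old_ifs

    for dir in "$@"; do
        [ -n "$dir" ] || continue
        [ -d "$dir" ] || continue      # skip missing or non-directory entries

        # -L reports the directory a symlink points to, not the link itself.
        mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)

        # Character 9 of the mode string is the "other" write bit.
        case $mode in
            ????????w*) printf '%s\n' "$dir" ;;
        esac
    done
    return 0
}

# Run as root: any output line is a finding under this rule.
world_writable_path_dirs "$PATH"
```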