STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-215424r508663_rule
V-215424
SRG-OS-000480-GPOS-00227
AIX7-00-003129
CAT II
10
Edit the local initialization file(s) and remove the relative path entry from the library search path.
Identify local initialization files that have library search paths:
# cat /etc/passwd | cut -f 1,1 -d ":" | xargs -n1 -IUSER sh -c 'grep -l LIB ~USER/.*'
/root/.sh_history
/home/doejohn/.profile
/home/doejane/.profile
For each file identified above, verify the search path contains only absolute paths:
Note: The "LIBPATH" and "LD_LIBRARY_PATH" variables are formatted as a colon-separated list of directories.
# cat <local_initilization_file> | grep -Ei 'lib|library'
LD_LIBRARY_PATH=/usr/lib
LIBPATH=/usr/lib
If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is a finding.
If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path, and this is a finding.
V-215424
False
AIX7-00-003129
Identify local initialization files that have library search paths:
# cat /etc/passwd | cut -f 1,1 -d ":" | xargs -n1 -IUSER sh -c 'grep -l LIB ~USER/.*'
/root/.sh_history
/home/doejohn/.profile
/home/doejane/.profile
For each file identified above, verify the search path contains only absolute paths:
Note: The "LIBPATH" and "LD_LIBRARY_PATH" variables are formatted as a colon-separated list of directories.
# cat <local_initilization_file> | grep -Ei 'lib|library'
LD_LIBRARY_PATH=/usr/lib
LIBPATH=/usr/lib
If there is an empty entry, such as a leading or trailing colon, or two consecutive colons, this is a finding.
If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path, and this is a finding.
M
4012