SV-216304r603267_rule
V-216304
SRG-OS-000480
SOL-11.1-020350
CAT II
10
Remove the world writable permission from programs or scripts executed by run control scripts.
Procedure:
# chmod o-w <program or script executed from run control script>
Check the permissions on the files or scripts executed from system startup scripts to see if they are world writable.
Create a list of all potential run command level scripts.
# ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "
Create a list of world writable files.
# find / -perm -002 -type f >> WorldWritableFileList
Determine if any of the world writable files in "WorldWritableFileList" are called from the run command level scripts.
Note: Depending upon the number of scripts vs. world writable files, it may be easier to inspect the scripts manually.
# more `ls -l /etc/init.d/* /etc/rc* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "`
If any system startup script executes any file or script that is world writable, this is a finding.
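The cross-reference between the two lists can be scripted. The following is an added example, not part of the STIG text: the function name rc_world_writable_refs is hypothetical, and it only catches absolute paths written literally in a script, so relative paths or paths built from variables still need the manual inspection described above.

```shell
#!/bin/sh
# Added example (not from the STIG): report world-writable regular files
# that are referenced by absolute path inside run control scripts.
# Usage: rc_world_writable_refs /etc/init.d /etc/rc*
# Output: one "script: referenced-file" line per match.

rc_world_writable_refs() {
    # Collect every regular file under the given start points; rc?.d
    # entries may be links to /etc/init.d, so follow them (-L) and
    # de-duplicate the resulting list.
    find -L "$@" -type f -print 2>/dev/null | sort -u |
    while IFS= read -r script; do
        # Split the script into tokens made only of path characters and
        # keep the tokens that look like absolute paths.
        tr -c 'A-Za-z0-9_./-' '\n' < "$script" | grep '^/' | sort -u |
        while IFS= read -r ref; do
            # -prune: test only the named path, never descend.
            # -perm -002: the "other write" bit is set, the same test
            # the check text uses to build WorldWritableFileList.
            hit=$(find -L "$ref" -prune -type f -perm -002 -print 2>/dev/null)
            if [ -n "$hit" ]; then
                printf '%s: %s\n' "$script" "$ref"
            fi
        done
    done
}

# Run against the directories given on the command line, if any.
if [ "$#" -gt 0 ]; then
    rc_world_writable_refs "$@"
fi
```

Any line of output is a candidate finding; confirm the script really executes the file, then apply the chmod o-w fix.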
V-216304
False
SOL-11.1-020350
M
4022