STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

All local initialization files must have mode 0740 or less permissive.

DISA Rule

SV-227680r603266_rule

Vulnerability Number

V-227680

Group Title

SRG-OS-000480

Rule Version

GEN001880

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure user startup files have permissions of 0740 or more restrictive. Examine each user's home directory and verify all file names beginning with "." have access permissions of 0740 or more restrictive. If they do not, use the chmod command to correct the vulnerability.

Procedure:
# chmod 0740 .filename

NOTE: The period is part of the file name and is required.

Check Contents

Check the modes of local initialization files.

Procedure:
# ls -al /<usershomedirectory>/.login
# ls -al /<usershomedirectory>/.cshrc
# ls -al /<usershomedirectory>/.logout
# ls -al /<usershomedirectory>/.profile
# ls -al /<usershomedirectory>/.bash_profile
# ls -al /<usershomedirectory>/.bashrc
# ls -al /<usershomedirectory>/.bash_logout
# ls -al /<usershomedirectory>/.env
# ls -al /<usershomedirectory>/.dtprofile (permissions should be 0755)
# ls -al /<usershomedirectory>/.dispatch
# ls -al /<usershomedirectory>/.emacs
# ls -al /<usershomedirectory>/.exrc
# find /<usershomedirectory>/.dt ! -fstype nfs \( -perm -0002 -o -perm -0020 \) -exec ls -ld {} \; (permissions not to be more
permissive than 0755)

If local initialization files are more permissive than 0740, the .dt directory or the .dtprofile file is more permissive than 0755, this is a finding.

Vulnerability Number

V-227680

Documentable

False

Rule Version

GEN001880

Severity Override Guidance

Check the modes of local initialization files.

Procedure:
# ls -al /<usershomedirectory>/.login
# ls -al /<usershomedirectory>/.cshrc
# ls -al /<usershomedirectory>/.logout
# ls -al /<usershomedirectory>/.profile
# ls -al /<usershomedirectory>/.bash_profile
# ls -al /<usershomedirectory>/.bashrc
# ls -al /<usershomedirectory>/.bash_logout
# ls -al /<usershomedirectory>/.env
# ls -al /<usershomedirectory>/.dtprofile (permissions should be 0755)
# ls -al /<usershomedirectory>/.dispatch
# ls -al /<usershomedirectory>/.emacs
# ls -al /<usershomedirectory>/.exrc
# find /<usershomedirectory>/.dt ! -fstype nfs \( -perm -0002 -o -perm -0020 \) -exec ls -ld {} \; (permissions not to be more
permissive than 0755)

If local initialization files are more permissive than 0740, the .dt directory or the .dtprofile file is more permissive than 0755, this is a finding.

Check Content Reference

M

Target Key

4061

Comments