STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory.

DISA Rule

SV-234996r622137_rule

Vulnerability Number

V-234996

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-040120

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the SUSE operating system local interactive user initialization files to change any PATH variable statements for executables that reference directories other than their home directory. If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.

Check Contents

Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.

Check the executable search path statement for all operating system local interactive user initialization files in the users' home directory with the following commands:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

> sudo grep -i path /home/smithj/.*
/home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
/home/smithj/.bash_profile:export PATH

If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the ISSO as an operational requirement, this is a finding.

Vulnerability Number

V-234996

Documentable

False

Rule Version

SLES-15-040120

Severity Override Guidance

Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.

Check the executable search path statement for all operating system local interactive user initialization files in the users' home directory with the following commands:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj".

> sudo grep -i path /home/smithj/.*
/home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
/home/smithj/.bash_profile:export PATH

If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the ISSO as an operational requirement, this is a finding.

Check Content Reference

M

Target Key

5274

Comments