CCE-95465-1Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
While the system administrator can establish secure permissions for users "dot" files, the
users can easily override these.
Rationale:
Group or world-writable user configuration files may enable malicious users to steal or
modify other users data or to gain another user's system privileges.
Audit:
Run the following script and verify no results are returned:
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which
nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user
dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.[A-Za-z0-9]*; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=$(ls -ld $file | cut -f1 -d" ")
if [ $(echo $fileperm | cut -c6) != "-" ]; then
echo "Group Write permission set on file $file"
fi
if [ $(echo $fileperm | cut -c9) != "-" ]; then
echo "Other Write permission set on file $file"
fi
fi
done
fi
done
Remediation:
Making global modifications to users files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user dot file permissions and determine the action to be
taken in accordance with site policy.
Notes:
On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.
Parameter:
[yes/no]
Technical Mechanism:
Making global modifications to users files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user dot file permissions and determine the action to be
taken in accordance with site policy.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.8 | Attack Vector: LOCAL |
Exploit Score: 2.0 | Attack Complexity: LOW |
Impact Score: 6.0 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72911 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68616 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73016 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72379 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72805 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72013 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84253 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72702 |