OL 9 local initialization files must have mode 0740 or less permissive.

STIG ID: OL09-00-002513  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-271782

Vulnerability Discussion

Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon.

Check

Verify that OL 9 configures all local initialization files to have a mode of "0740" or less permissive with the following command:

Note: The example will be for the "wadea" user, who has a home directory of "/home/wadea".

$ sudo ls -al /home/wadea/.[^.]* | more
-rwxr-xr-x 1 wadea users 896 Mar 10 2011 .profile
-rwxr-xr-x 1 wadea users 497 Jan 6 2007 .login
-rwxr-xr-x 1 wadea users 886 Jan 6 2007 .something

If any local initialization files have a mode more permissive than "0740", this is a finding.

Fix

Set the mode of the local initialization files to "0740" with the following command:

Note: The example will be for the wadea user, who has a home directory of "/home/wadea".

$ sudo chmod 0740 /home/wadea/.<INIT_FILE>
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.