Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon.
Check
Verify OL 9 configures all local initialization files to have a mode of "0740" or less permissive with the following command:
Note: The example will be for the "disauser" user, who has a home directory of "/home/disauser".
$ sudo ls -al /home/disauser/.[^.]* | more -rwxr-xr-x 1 disauser users 896 Mar 10 2011 .profile -rwxr-xr-x 1 disauser users 497 Jan 6 2007 .login -rwxr-xr-x 1 disauser users 886 Jan 6 2007 .something
If any local initialization files have a mode more permissive than "0740", this is a finding.
Fix
Set the mode of the local initialization files to "0740" with the following command:
Note: The example will be for the disauser user who has a home directory of "/home/disauser".