Rule ID
SV-45153r1_rule
Version
V1R12
CCIs
Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.
Check user home directories for local initialization files group-owned by a group other than the user's primary group or root.
Procedure:
# ls –a /<users home directory> | grep “^\.” | awk '{if ((!($1=="."))&&(!($1==".."))) print}' | xargs ls –ld
If any file is not group-owned by root or the user's primary GID, this is a finding.Change the group-owner of the local initialization file to the user's primary group, or root.
# chgrp <user's primary GID> <user's local initialization file>
Procedure:
for PWLINE in $(cut -d: -f4,6 /etc/passwd); do HOMEDIR=${PWLINE##*:}; GROUP=${PWLINE%%:*}; FILES=$(find ${HOMEDIR} ! -fstype nfs -type f -name '\.*'); for INIFILE in ${FILES}; do GID=$(stat -c %g ${INIFILE}); test "$GROUP" = "${GID}" || chgrp ${GROUP} ${INIFILE}; done; done