Check: GEN001680
HP-UX 11.23 STIG:
GEN001680
(in version v1 r8)
Title
All system startup files must be group-owned by root, sys, bin or other. (Cat II impact)
Discussion
If system startup files do not have a group owner of root or a system group, the files may be modified by malicious users or intruders.
Check Content
System start-up files are identified as follows: Run control scripts reside in the /sbin/init.d directory. Links to the run control scripts exist in the /sbin/rc*.d directories. Run control script configuration files exist in the /etc/rc.config.d directory. Check system start-up script file group ownership. # ls -lL /sbin/init.d/* /etc/rc.config.d/* /etc/rc.config.d/* If any system start-up script file is not group-owned by root, sys, bin or other, this is a finding.
Fix Text
Change the group ownership of the run control script(s) with incorrect group ownership. Procedure: # chgrp root <run control script>
Additional Identifiers
Rule ID: SV-38421r1_rule
Vulnerability ID: V-4090
Group Title: GEN001680
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational tasks. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |