Check: GEN002120
HP-UX 11.23 STIG:
GEN002120
(in version v1 r8)
Title
The /etc/shells (or equivalent) file must exist. (Cat II impact)
Discussion
The shells file (or equivalent) lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized, unsecure shell.
Check Content
Verify /etc/shells exists. # ls -l /etc/shells If the file does not exist, this is a finding.
Fix Text
Create /etc/shells file containing a list of valid system shells. Consult vendor documentation for an appropriate list of system shells. Procedure: Typical installed shells include: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh # echo "/sbin/sh" >> /etc/shells (Repeat as necessary for all existing shell programs.)
Additional Identifiers
Rule ID: SV-34952r1_rule
Vulnerability ID: V-916
Group Title: GEN002120
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |