Title

Run control scripts must not execute world-writable programs or scripts. (Cat I impact)

Discussion

World-writable files could be modified accidentally or maliciously to compromise system integrity.

Check Content

Check the permissions on the files or scripts executed from system startup scripts to see if they are world-writable. Create a list of all potential run command level scripts. # ls -l /etc/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " " OR # ls -l /sbin/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " " Create a list of world writeable files. # find / -perm -002 -type f >> worldWriteableFileList Determine if any of the world writeable files in worldWriteableFileList are called from the run command level scripts. Note: Depending upon the number of scripts vs world writeable files, it may be easier to inspect the scripts manually. # more `ls -l /etc/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "` OR # more `ls -l /sbin/init.d/* | tr '\011' ' ' | tr -s ' ' | cut -f 9,9 -d " "` If any system startup script executes any file or script that is world-writable, this is a finding.

Fix Text

Remove the world-writable permission from programs or scripts executed by run control scripts. Procedure: # chmod o-w <program or script executed from run control script>

Additional Identifiers

Rule ID: SV-227667r603266_rule

Vulnerability ID: V-227667

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.