Check: GEN003380
Solaris 10 X86 STIG:
GEN003380
(in versions v2 r4 through v1 r17)
Title
The "at" daemon must not execute programs in, or subordinate to, world-writable directories. (Cat II impact)
Discussion
If "at" programs are located in or subordinate to world-writable directories, they become vulnerable to removal and replacement by malicious users or system intruders.
Check Content
List any "at" jobs on the system. Procedure: # ls /var/spool/cron/atjobs For each "at" job, determine which programs are executed. Procedure: # more <at job file> Check the directory containing each program executed by "at" for world-writable permissions. Procedure: # ls -la <at program file directory> If "at" executes programs in world-writable directories, this is a finding.
Fix Text
Remove the world-writable permission from directories containing programs executed by "at". Procedure: # chmod o-w <at program directory>
Additional Identifiers
Rule ID: SV-227770r603266_rule
Vulnerability ID: V-227770
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |