Check: GEN001830
VMware ESX 3 Server:
GEN001830
(in version v1 r2)
Title
All skeleton files (typically in /etc/skel) must be group-owned by root, bin, sys, system, or other. (Cat II impact)
Discussion
If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.
Check Content
Verify the skeleton files are group-owned by root. Procedure: # ls -alL /etc/skel If a skeleton file is not group-owned by root, this is a finding.
Fix Text
Change the group owner of the skeleton file to root, bin, sys, system, or other. Procedure: # chgrp <group> /etc/skel/[skeleton file]
Additional Identifiers
Rule ID: SV-26477r1_rule
Vulnerability ID: V-22358
Group Title: GEN001830
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
Number | Title |
---|---|
AC-6 |
Least Privilege |