Check: GEN000940
VMware ESX 3 Server:
GEN000940
(in version v1 r2)
Title
The root account's executable search path must be the vendor default and must contain only absolute paths. (Cat II impact)
Discussion
The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory or other relative paths, executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. Entries starting with a slash (/) are absolute paths.
Check Content
To view the root user's PATH, log in as the root user, and execute the following. # env | grep PATH This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is a finding. If an entry begins with a character other than a slash (/) or other than "$PATH", it is a relative path and this is a finding. If directories beyond those in the vendor's default root path are present, this is a finding.
Fix Text
Edit the root user's local initialization files. Change any found PATH variable settings to the vendor's default path for the root user. Remove any empty path entries or references to relative paths.
Additional Identifiers
Rule ID: SV-776r3_rule
Vulnerability ID: V-776
Group Title: GEN000940
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |