Navigate

Check: GEN001960

VMware ESX 3 Server: GEN001960 (in version v1 r2)

Title

User start-up files must not contain the mesg -y or mesg y command. (Cat III impact)

Discussion

The mesg -y or mesg y command turns on terminal messaging. On systems that do not default to mesg -n, the system profile (or equivalent) provides it. If the user changes this setting, write access may be provided to the terminal screen which could disrupt processing or cause enough confusion to result in damage to sensitive files. Educate users about the danger of having terminal messaging set on.

Check Content

# grep "mesg" /<usershomedirectory>/.* If local initialization files contain the mesg -y or mesg y command, this is a finding.

Fix Text

Edit the local initialization file(s) and remove the mesg -y command.

Additional Identifiers

Rule ID: SV-4088r2_rule

Vulnerability ID: V-4088

Group Title: GEN001960

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000032	The information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-4 (8)	Security Policy Filters