======6.1.10 Ensure no world writable files exist (Scored)======

=====Profile Applicability=====

<code>
Level 1 - Server
Level 1 - Workstation
</code>

=====Description=====

Unix-based systems support variable settings to control access to files. World writable files are the least secure. See the ''chmod(2)'' man page for more information.

=====Rationale=====

Data in world-writable files can be modified and compromised by any user on the system. World writable files may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system's integrity.

=====Audit=====

Run the following command and verify no files are returned:

<Code:bash>
# df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type f -perm -0002
</Code>

The command above only searches local filesystems; there may still be compromised items on network mounted partitions. Additionally, the ''--local'' option to ''df'' is not universal to all versions. It can be omitted to search all filesystems on a system, including network mounted filesystems, or the following command can be run manually for each partition:

<Code:bash>
# find <partition> -xdev -type f -perm -0002
</Code>

=====Remediation=====

Removing write access for the "other" category (''chmod o-w'' <filename>) is advisable, but always consult relevant vendor documentation to avoid breaking any application dependencies on a given file.

centos7/6/1/10.txt Last modified: 2017/05/04 19:59 by 127.0.0.1
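
The audit and remediation steps above, wrapped as a POSIX shell helper. This is an added example, not part of the benchmark text: the function names are hypothetical, and it assumes a ''find'' that supports ''-print0'' and, for the full audit, a ''df'' that supports ''--local''.

```shell
#!/bin/sh
# Added example: audit helper for world-writable regular files.
# Function names are hypothetical; assumes find(1) supports -print0 and,
# for local_mounts, that df(1) supports --local (not universal).

# Print each world-writable regular file under $1, one path per line,
# without crossing into other filesystems (-xdev).
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# Count the same files. NUL-delimited so names containing newlines
# are still counted once each.
count_world_writable() {
    n=$(find "$1" -xdev -type f -perm -0002 -print0 2>/dev/null |
        tr -dc '\000' | wc -c)
    echo $((n))
}

# Mount points of local filesystems, as in the audit command.
# Limitation: a mount point containing spaces is truncated by $6.
local_mounts() {
    df --local -P | awk 'NR != 1 { print $6 }'
}

# Audit every local filesystem. Returns 0 when nothing is found (pass),
# 1 when at least one world-writable file is listed (fail).
audit_local_filesystems() {
    found=$(local_mounts | while IFS= read -r mp; do
        list_world_writable "$mp"
    done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Remediate one reviewed file: drop write access for "other" only.
# Refuses symlinks and anything that is not a regular file.
remove_other_write() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then return 2; fi
    chmod o-w -- "$1"
}

# Run the full audit only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_local_filesystems
fi
```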