6.2.6 Ensure root PATH Integrity (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.
======6.2.6 Ensure root PATH Integrity (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The ''root'' user can execute any command on the system and could be fooled into executing programs unintentionally if the ''PATH'' is not set correctly.

=====Rationale=====
Including the current working directory (.) or other writable directory in ''root'''s executable path makes it likely that an attacker can gain superuser access by forcing an administrator operating as ''root'' to execute a Trojan horse program.

=====Audit===== 
Run the following script and verify no results are returned:
<Code:bash>
#!/bin/bash 
if [ "`echo $PATH | grep :: `" != "" ]; then 
  echo "Empty Directory in PATH (::)" 
fi 
if [ "`echo $PATH | grep :$`" != "" ]; then 
  echo "Trailing : in PATH" 
fi 
p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` 
set -- $p 
while [ "$1" != "" ]; do
  if [ "$1" = "." ]; then
    echo "PATH contains ." 
    shift 
    continue 
  fi 
  if [ -d $1 ]; then
    dirperm=`ls -ldH $1 | cut -f1 -d" "` 
    if [ `echo $dirperm | cut -c6 ` != "-" ]; then
      echo "Group Write permission set on directory $1" 
    fi 
  if [ `echo $dirperm | cut -c9 ` != "-" ]; then
    echo "Other Write permission set on directory $1" 
  fi 
  dirown=`ls -ldH $1 | awk '{print $3}'` 
  if [ "$dirown" != "root" ] ; then
    echo $1 is not owned by root 
  fi 
  else 
    echo $1 is not a directory
  fi 
  shift 
done
</Code>

=====Remediation=====
Correct or justify any items discovered in the Audit step.