Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======6.2.6 Ensure root PATH Integrity (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''root'' user can execute any command on the system and could be fooled into executing programs unintentionally if the ''PATH'' is not set correctly. =====Rationale===== Including the current working directory (.) or other writable directory in ''root'''s executable path makes it likely that an attacker can gain superuser access by forcing an administrator operating as ''root'' to execute a Trojan horse program. =====Audit===== Run the following script and verify no results are returned: <Code:bash> #!/bin/bash if [ "`echo $PATH | grep :: `" != "" ]; then echo "Empty Directory in PATH (::)" fi if [ "`echo $PATH | grep :$`" != "" ]; then echo "Trailing : in PATH" fi p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` set -- $p while [ "$1" != "" ]; do if [ "$1" = "." ]; then echo "PATH contains ." shift continue fi if [ -d $1 ]; then dirperm=`ls -ldH $1 | cut -f1 -d" "` if [ `echo $dirperm | cut -c6 ` != "-" ]; then echo "Group Write permission set on directory $1" fi if [ `echo $dirperm | cut -c9 ` != "-" ]; then echo "Other Write permission set on directory $1" fi dirown=`ls -ldH $1 | awk '{print $3}'` if [ "$dirown" != "root" ] ; then echo $1 is not owned by root fi else echo $1 is not a directory fi shift done </Code> =====Remediation===== Correct or justify any items discovered in the Audit step. centos7/6/2/6.txt Last modified: 2017/05/04 20:02by 127.0.0.1