— | ubuntu1604:1:1:20 [2017/05/02 14:58] (current) – created Piotr Kłoczewski | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== 1.1.20 Ensure sticky bit is set on all world-writable directories (Scored) ====== | ||
+ | =====Profile Applicability===== | ||
+ | < | ||
+ | Level 1 - Server | ||
+ | Level 1 - Workstation | ||
+ | </ | ||
+ | =====Description===== | ||
+ | Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that are not owned by them. | ||
+ | =====Rationale===== | ||
+ | This feature prevents the ability to delete or rename files in world writable directories (such as ''/ | ||
+ | =====Audit===== | ||
+ | Run the following command to verify no world writable directories exist without the sticky bit set: | ||
+ | < | ||
+ | # df --local -P | awk {'if (NR!=1) print $6'} | xargs -I ' | ||
+ | </ | ||
+ | =====Remediation===== | ||
+ | Run the following command to set the sticky bit on all world writable directories: | ||
+ | < | ||
+ | # df --local -P | awk {'if (NR!=1) print $6'} | xargs -I ' | ||
+ | </ |