Differences

This shows you the differences between two versions of the page.


ubuntu1604:1:1:20 [2017/05/02 14:58] (current) – created Piotr Kłoczewski
Line 1: Line 1:
 +====== 1.1.20 Ensure sticky bit is set on all world-writable directories (Scored) ====== 
 +=====Profile Applicability=====   
 +<code> 
 +Level 1 - Server  
 +Level 1 - Workstation 
 +</code> 
 +=====Description===== 
 +Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that are not owned by them. 
 +=====Rationale===== 
 +This feature prevents the ability to delete or rename files in world writable directories (such as ''/tmp'') that are owned by another user. 
 +=====Audit=====  
 +Run the following command to verify no world writable directories exist without the sticky bit set: 
 +<Code:bash> 
 +# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null 
 +</Code> 
 +=====Remediation=====  
 +Run the following command to set the sticky bit on all world writable directories: 
 +<Code:bash> 
 +# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | chmod a+t 
 +</Code>
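Review bot: the Remediation command ends with `| chmod a+t`, but chmod takes its targets as arguments and does not read paths from stdin, so as written it exits with a missing-operand error and no directory gets the sticky bit. Hand the find results to chmod as arguments instead, either by ending the pipeline with `| xargs chmod a+t` or by dropping the last pipe and letting find do it with `-exec chmod a+t {} +`, which also copes with directory names containing whitespace. The Audit command above prints the same set of directories minus those already sticky, so re-running it after remediation and getting empty output is the check that the fix took effect.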
  • ubuntu1604/1/1/20.txt
  • Last modified: 2017/05/02 14:58
  • by Piotr Kłoczewski