====== 1.1.20 Ensure sticky bit is set on all world-writable directories (Scored) ======

=====Profile Applicability=====

<code>
Level 1 - Server
Level 1 - Workstation
</code>

=====Description=====

Setting the sticky bit on world-writable directories prevents users from deleting or renaming files in those directories that they do not own.

=====Rationale=====

This feature prevents users from deleting or renaming files in world-writable directories (such as ''/tmp'') that are owned by another user.

=====Audit=====

Run the following command to verify that no world-writable directories exist without the sticky bit set:

<Code:bash>
# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null
</Code>

=====Remediation=====

Run the following command to set the sticky bit on all world-writable directories:

<Code:bash>
# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs -I '{}' chmod a+t '{}'
</Code>

ubuntu1604/1/1/20.txt Last modified: 2017/05/02 14:58 by Piotr Kłoczewski
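The audit and remediation steps above, wrapped as reusable shell functions. This is an added example, not part of the benchmark text. The function names ''audit_sticky'', ''fix_sticky'', ''check_sticky'' and ''audit_all_local'' are hypothetical, and GNU ''find'' and ''df'' are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the benchmark): audit and remediate world-writable
# directories that lack the sticky bit. All function names are hypothetical.

# Print every world-writable directory under $1 that lacks the sticky bit,
# one per line, without crossing filesystem boundaries (-xdev).
audit_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
}

# Set the sticky bit only on the directories the audit would report.
# "-exec ... {} +" hands paths to chmod as arguments, so directory names
# containing spaces or quotes are handled correctly.
fix_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) \
        -exec chmod a+t {} + 2>/dev/null
}

# Return 0 when the tree under $1 is compliant, 1 when findings remain.
check_sticky() {
    [ -z "$(audit_sticky "$1")" ]
}

# Run the audit over every local filesystem, as the benchmark command does.
# Assumes mount points contain no whitespace (df -P column 6).
audit_all_local() {
    df --local -P | awk 'NR!=1 {print $6}' | while IFS= read -r mnt; do
        audit_sticky "$mnt"
    done
}
```

Run ''audit_all_local'' as root for the system-wide check; an empty result means the system is compliant.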