Differences

This shows you the differences between two versions of the page.

ubuntu1604:1:1:20 [2017/05/02 12:58] (current)
Piotr Kłoczewski created
Line 1: Line 1:
 +====== 1.1.20 Ensure sticky bit is set on all world-writable directories (Scored) ====== 
 +=====Profile Applicability===== ​  
 +<​code>​ 
 +Level 1 - Server  
 +Level 1 - Workstation 
 +</​code>​ 
 +=====Description===== 
 +Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that are not owned by them. 
 +=====Rationale===== 
 +This feature prevents the ability to delete or rename files in world writable directories (such as ''/​tmp''​) that are owned by another user. 
 +=====Audit=====  
 +Run the following command to verify no world writable directories exist without the sticky bit set: 
 +<​Code:​bash>​ 
 +# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '​{}'​ find '​{}'​ -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/​dev/​null 
 +</​Code>​ 
 +=====Remediation=====  
 +Run the following command to set the sticky bit on all world writable directories:​ 
 +<​Code:​bash>​ 
 +# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '​{}'​ find '​{}'​ -xdev -type d -perm -0002 2>/​dev/​null | chmod a+t 
 +</​Code>​
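Review bot: The Remediation command ends in `| chmod a+t`, but chmod takes its targets as arguments and does not read paths from standard input, so the directory list produced by find is discarded and chmod exits with a missing-operand error without setting the sticky bit on anything. Pass the paths as arguments instead, for example by ending the pipeline with `| xargs chmod a+t` or by replacing the pipe with `-exec chmod a+t {} +` on the find itself. Re-running the Audit command afterwards should then return no output.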