6.2.6 Ensure root PATH Integrity (Scored)

Level 1 - Server
Level 1 - Workstation 

The root user can execute any command on the system and could be fooled into executing programs unintentionally if the PATH is not set correctly.

Including the current working directory (.) or other writable directory in root's executable path makes it likely that an attacker can gain superuser access by forcing an administrator operating as root to execute a Trojan horse program.

Run the following script and verify no results are returned:

#!/bin/bash 
if [ "`echo $PATH | grep :: `" != "" ]; then 
  echo "Empty Directory in PATH (::)" 
fi 
if [ "`echo $PATH | grep :$`" != "" ]; then 
  echo "Trailing : in PATH" 
fi 
p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` 
set -- $p 
while [ "$1" != "" ]; do
  if [ "$1" = "." ]; then
    echo "PATH contains ." 
    shift 
    continue 
  fi 
  if [ -d $1 ]; then
    dirperm=`ls -ldH $1 | cut -f1 -d" "` 
    if [ `echo $dirperm | cut -c6 ` != "-" ]; then
      echo "Group Write permission set on directory $1" 
    fi 
  if [ `echo $dirperm | cut -c9 ` != "-" ]; then
    echo "Other Write permission set on directory $1" 
  fi 
  dirown=`ls -ldH $1 | awk '{print $3}'` 
  if [ "$dirown" != "root" ] ; then
    echo $1 is not owned by root 
  fi 
  else 
    echo $1 is not a directory
  fi 
  shift 
done

Correct or justify any items discovered in the Audit step.

  • ubuntu1604/6/2/6.txt
  • Last modified: 2017/05/04 14:31
  • by Piotr K┼éoczewski