STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-281064

CAT II (Medium)

RHEL 10 must enforce mode "0740" or less permissive for local initialization files.

Rule ID

SV-281064r1165547_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000213

Discussion

Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon login.

Check Content

Verify RHEL 10 is configured so that all local initialization files have a mode of "0740" or less permissive with the following command:

Note: The example will be for the "disauser" user, who has a home directory of "/home/disauser".

$ sudo find /home -maxdepth 2 -type f -name ".*" -exec stat -c "%n %a" {} \; | awk '$2 > 740'
/home/disauser/.bash_profile 770 

If any local initialization files are returned, this indicates a mode more permissive than "0740", and this is a finding.

Fix Text

Configure RHEL 10 so that all local initialization files have a mode of "0740" or less permissive with the following command:

Note: The example will be for the "disauser" user, who has a home directory of "/home/disauser".

$ sudo chmod 0740 /home/disauser/.<INIT_FILE>