← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-910

CAT I (High)

Run control scripts must not execute world-writable programs or scripts.

Rule ID

SV-45068r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

World-writable files could be modified accidentally or maliciously to compromise system integrity.

Check Content

Check the permissions on the files or scripts executed from system startup scripts to see if they are world-writable.

Procedure:
# more <startup script>
# ls -lL <script or executable referenced by startup script>

Alternatively, obtain a list of all world-writable files on the system and check system startup scripts to determine if any are referenced.

Procedure:
# find / -perm -0002 -type f | grep –v ‘^/proc’ > wwlist
If any system startup script executes any file or script that is world-writable, this is a finding.

Fix Text

Remove the world-writable permission from programs or scripts executed by run control scripts.

Procedure:
# chmod o-w <program or script executed from run control script>