All run control scripts must have mode 0755 or less permissive.

An XCCDF Rule

Description

<VulnDiscussion>If the startup files are writable by other users, these users could modify the startup files to insert malicious commands into the startup files.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216299r959010_rule
Severity: Medium
References: CCI-000366
Updated: 18 days ago

Ensure all system startup files have mode 0755 or less permissive. Examine the rc files, and all files in the rc1.d (rc2.d, and so on) directories, and in the /etc/init.d and /lib/svc/method directories to ensure they are not world writable. If they are world writable, use the chmod command to correct the vulnerability and to research why.

Procedure: 

# chmod go-w <startupfile>

All run control scripts must have mode 0755 or less permissive.

Description

Remediation - Manual Procedure