Ensure that Root's Path Does Not Include World or Group-Writable Directories

An XCCDF Rule

Description

For each element in root's path, run:

# ls -ld DIR

and ensure that write permissions are disabled for group and other.

Such entries increase the risk that root could execute code provided by unprivileged users, and potentially malicious code.

ID: xccdf_org.ssgproject.content_rule_accounts_root_path_dirs_no_write
Severity: Medium
References: 11 3 9

BAI10.01 BAI10.02 BAI10.03 BAI10.05

CCI-000366

4.3.4.3.2 4.3.4.3.3

SR 7.6

A.12.1.2 A.12.5.1 A.12.6.2 A.14.2.2 A.14.2.3 A.14.2.4

CM-6(a) CM-6(a)

PR.IP-1
Updated: about 1 month ago