{"description": "Assuming root shell is bash, edit the following files:\n<pre>~/.profile</pre>\n<pre>~/.bashrc</pre>\nChange any <tt>PATH</tt> variables to the vendor default for root and remove any\nempty <tt>PATH</tt> entries or references to relative paths.", "rationale": "The root account's executable search path must be the vendor default, and must\ncontain only absolute paths.", "severity": "unknown", "references": {"cis-csc": ["18"], "cobit5": ["APO13.01", "BAI03.01", "BAI03.02", "BAI03.03"], "isa-62443-2009": ["4.3.4.3.3"], "iso27001-2013": ["A.14.1.1", "A.14.2.1", "A.14.2.5", "A.6.1.5"], "nist": ["CM-6(a)"], "nist-csf": ["PR.IP-2"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "any of these conditions are not met", "ocil": "To view the root user's <tt>PATH</tt>, run the following command:\n<pre>$ sudo env | grep PATH</pre>\nIf correctly configured, the <tt>PATH</tt> must: use vendor default settings,\nhave no empty entries, and have no entries beginning with a character\nother than a slash (/).", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Root Path Must Be Vendor Default", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml", "template": null}