{"description": "Set the mode of the user initialization files to <tt>0740</tt> with the\nfollowing command:\n<pre>$ sudo chmod 0740 /home/<i>USER</i>/.<i>INIT_FILE</i></pre>", "rationale": "Local initialization files are used to configure the user's shell environment\nupon logon. Malicious modification of these files could compromise accounts upon\nlogon.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R50"], "cis": ["7.2.10"]}, "control_references": {"anssi": ["R50"], "cis": ["7.2.10"]}, "components": [], "identifiers": {}, "ocil_clause": "they are not 0740 or more permissive", "ocil": "To verify that all user initialization files have a mode of <tt>0740</tt> or\nless permissive, run the following command:\n<pre>$ sudo find /home -type f -name '\\.*' \\( -perm -0002 -o -perm -0020 \\)</pre>\nThere should be no output.", "oval_external_content": null, "fixtext": "Set the mode of the local initialization files to \"0740\" with the following command:\n\nNote: The example will be for the smithj user, who has a home directory of \"/home/smithj\".\n\n$ sudo chmod 0740 /home/smithj/.", "checktext": "", "vuldiscussion": "", "srg_requirement": "All Ubuntu 22.04 local initialization files must have mode 0740 or less permissive.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "All Ubuntu 22.04 local initialization files must have mode 0740 or less permissive.", "vuldiscussion": "Local initialization files are used to configure the user's shell environment upon logon. 
Malicious modification of these files could compromise accounts upon logon.", "checktext": "Verify that all local initialization files have a mode of \"0740\" or less permissive with the following command:\n\nNote: The example will be for the \"wadea\" user, who has a home directory of \"/home/wadea\".\n\n$ sudo ls -al /home/wadea/.[^.]* | more\n\n-rwxr-xr-x 1 wadea users 896 Mar 10 2011 .profile\n-rwxr-xr-x 1 wadea users 497 Jan 6 2007 .login\n-rwxr-xr-x 1 wadea users 886 Jan 6 2007 .something\n\nIf any local initialization files have a mode more permissive than \"0740\", this is a finding.", "fixtext": "Set the mode of the local initialization files to \"0740\" with the following command:\n\nNote: The example will be for the wadea user, who has a home directory of \"/home/wadea\".\n\n$ sudo chmod 0740 /home/wadea/.&lt;INIT_FILE&gt;"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml", "template": null}