{"description": "The active path of the root account can be obtained by\nstarting a new root shell and running:\n<pre># echo $PATH</pre>\nThis will produce a colon-separated list of\ndirectories in the path.\n<br /><br />\nCertain path elements could be considered dangerous, as they could lead\nto root executing unknown or\nuntrusted programs, which could contain malicious\ncode.\nSince root may sometimes work inside\nuntrusted directories, the <tt>.</tt> character, which represents the\ncurrent directory, should never be in the root path, nor should any\ndirectory which can be written to by an unprivileged or\nsemi-privileged (system) user.\n<br /><br />\nIt is a good practice for administrators to always execute\nprivileged commands by typing the full path to the\ncommand.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["accounts_root_path_dirs_no_write", "no_dirs_unowned_by_root", "root_path_all_dirs", "root_path_no_dot"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Ensure that No Dangerous Directories Exist in Root's Path", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/root_paths/group.yml"}