{"description": "To set the mode of the root user initialization file <tt>/root/.bash_profile</tt>,\nensure the following lines are is included in a file ending in <tt>.conf</tt> under\n<tt>/etc/tmpfiles.d/</tt>.\n<pre>\n    C /root/.bash_logout   600 root root - /usr/share/rootfiles/.bash_logout\n    C /root/.bash_profile  600 root root - /usr/share/rootfiles/.bash_profile\n    C /root/.bashrc        600 root root - /usr/share/rootfiles/.bashrc\n    C /root/.cshrc         600 root root - /usr/share/rootfiles/.cshrc\n    C /root/.tcshrc        600 root root - /usr/share/rootfiles/.tcshrc\n</pre>", "rationale": "Local initialization files are used to configure the user's shell environment\nupon logon. Malicious modification of these files could compromise accounts upon\nlogon.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "that rootfiles are not configured correctly", "ocil": "Check the all files from <tt>/usr/share/rootfiles/</tt> are overridden correctly.\n<pre>\n    $ grep /usr/share/rootfiles/.bash_logout *.conf\n    C /root/.bash_logout   600 root root - /usr/share/rootfiles/.bash_logout\n    C /root/.bash_profile  600 root root - /usr/share/rootfiles/.bash_profile\n    C /root/.bashrc        600 root root - /usr/share/rootfiles/.bashrc\n    C /root/.cshrc         600 root root - /usr/share/rootfiles/.cshrc\n    C /root/.tcshrc        600 root root - /usr/share/rootfiles/.tcshrc\n</pre>", "oval_external_content": null, "fixtext": "Ensure the following lines are in <tt>.conf</tt> file under <tt>/etc/tmpfiles.d/</tt>.\n<pre>\n    C /root/.bash_logout   600 root root - /usr/share/rootfiles/.bash_logout\n    C /root/.bash_profile  600 root root - /usr/share/rootfiles/.bash_profile\n    C /root/.bashrc        600 root root - /usr/share/rootfiles/.bashrc\n    C /root/.cshrc         600 root root - /usr/share/rootfiles/.cshrc\n    C /root/.tcshrc        600 root root - /usr/share/rootfiles/.tcshrc\n</pre>", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirements": "Ubuntu 22.04 must have root's dotfiles configured correctly.", "checktext": "Check the all files from <tt>/usr/share/rootfiles/</tt> are overridden correctly in Ubuntu 22.04.\n<pre>\n    $ grep /usr/share/rootfiles/.bash_logout *.conf\n    C /root/.bash_logout   600 root root - /usr/share/rootfiles/.bash_logout\n    C /root/.bash_profile  600 root root - /usr/share/rootfiles/.bash_profile\n    C /root/.bashrc        600 root root - /usr/share/rootfiles/.bashrc\n    C /root/.cshrc         600 root root - /usr/share/rootfiles/.cshrc\n    C /root/.tcshrc        600 root root - /usr/share/rootfiles/.tcshrc\n</pre>", "fixtext": "Ensure the following lines are in <tt>.conf</tt> file under <tt>/etc/tmpfiles.d/</tt>.\n<pre>\n    C /root/.bash_logout   600 root root - /usr/share/rootfiles/.bash_logout\n    C /root/.bash_profile  600 root root - /usr/share/rootfiles/.bash_profile\n    C /root/.bashrc        600 root root - /usr/share/rootfiles/.bashrc\n    C /root/.cshrc         600 root root - /usr/share/rootfiles/.cshrc\n    C /root/.tcshrc        600 root root - /usr/share/rootfiles/.tcshrc\n</pre>", "vuldiscussion": "Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users."}}, "platform": "package[rootfiles]", "platforms": ["package[rootfiles]"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["package_rootfiles"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure rootfiles tmpfile.d is Configured Correctly", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/files/rootfiles/rootfiles_configured/rule.yml", "template": null}