This check ensures the following in the executable path of the root user:
current working directory not present - `.` (dot)
directories starts with a slash - `/`
path contains double colon - `::`
path has a trailing colon - `:$` (end of line)
Ensuring this prevents a malicious user from escalating privileges to superuser by forcing an administrator logged in as root from running a Trojan horse that may be installed in the current working directory.
description: "This check makes sure that root's $PATH variable does not contain any relative path."
This check reports all the world/group writeable directories in root users PATH variable. All directories returned by this check should be carefully examined and unnecessary world/group writeable permissions on directories should be removed as follows:
# chmod go-w path/to/directory
description: "This check makes sure that root's $PATH variable does not contain any writeable directory."