TOC & Recently Viewed

Recently Viewed Topics

Root Environment

dot_in_root_path_variable

This check ensures that the current working directory (“.”) is not included in the executable path of the root user. Ensuring this prevents a malicious user from escalating privileges to superuser by forcing an administrator logged in as root from running a Trojan horse that may be installed in the current working directory.

Usage

<item>

name: "dot_in_root_path_variable"

description: "This check makes sure that root's $PATH variable does not contain any relative path."

</item>

writeable_dirs_in_root_path_variable

This check reports all the world/group writeable directories in root users PATH variable. All directories returned by this check should be carefully examined and unnecessary world/group writeable permissions on directories should be removed as follows:

# chmod go-w path/to/directory

Usage

<item>

name: "writeable_dirs_in_root_path_variable"

description: "This check makes sure that root's $PATH variable does not contain any writeable directory."

</item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.