Skip to content

6.2.9 Ensure root PATH Integrity

Audit#

Run the following script and verify no results are returned: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
#!/bin/bash

RPCV="$(sudo -Hiu root env | grep '^PATH' | cut -d= -f2)"
echo "$RPCV" | grep -q "::" && echo "root's path contains a empty directory (::)"
echo "$RPCV" | grep -q ":$" && echo "root's path contains a trailing (:)"
for x in $(echo "$RPCV" | tr ":" " "); do
 if [ -d "$x" ]; then
 ls -ldH "$x" | awk '$9 == "." {print "PATH contains current working directory (.)"}
 $3 != "root" {print $9, "is not owned by root"}
 substr($1,6,1) != "-" {print $9, "is group writable"}
 substr($1,9,1) != "-" {print $9, "is world writable"}'
 else
 echo "$x is not a directory"
 fi
done

Remediation#

Correct or justify any items discovered in the Audit step.