Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If a user on the unix system does not have an etc/.profile set up. What type of vulnerability is associated with this configuration.
Are they essentially logging directly to the root directory?
Can their user id be exploited by a hacker?
I am in the midst of an audit and the auditors found that I had 2 users on the system who did not have .profiles. Typically, I include a default login which takes them to a specific application menu and from their they can access various modules on the system. But without a .profile, I am unsure of the specific dangers associated with this oversight.
Any insight on the vulnerability of this occurring would be helpful.
There is a global file called /etc/profile that all users would execute on login (with certain shells).
Individual users usually have $HOME/.profile which is executed AFTER /etc/profile for their own customizations.
On Linux the defaults are actually /etc/bashrc and $HOME/.bashrc for the bash shell. /etc/profile and .profile are typically used on UNIX systems for Bourne Shell and Korn shell. You can run ksh on Linux but just wanted you to be aware of the distinction.
Since the .profile in a user's $HOME is defined to be modifiable by the user its existence or non-existence is NOT a security problem. Possibly the auditors fear someone other than the user could add a .profile to the user's $HOME and compromise their login. The way to prevent this is to make sure the user's $HOME is only writable by the user rather than worrying about the presence or absence (or contents of) a $HOME/.profile.
The file to be really concerned about is /etc/profile (and/or /etc/bashrc) since that is what does initial setup for all users. It is also the one where you can control things that you don't want the users to circumvent in their $HOME.
For example I once worked on a system for a large hotel corporation where the users "logged in" but were immediately "exec"d into the application. In /etc/profile we disabled all traps so that they could not hit Ctrl-C or other keys during the login to get out to a shell. If we'd done that in $HOME/.profile instead the user if fast enough or by hitting Ctrl-C over and over quickly might actually have gotten to a shell between the execution of /etc/profile and $HOME/.profile.
P.S. Auditors always HAVE to find "something" or they feel people won't think they did their jobs. Usually you can do "management response" such as the above to show you've noted their concern and don't think it is reasonable.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
