HTTP_chsh command attempt
Code: p633
Severity: Warning
Description: Attempted chsh command access via web
Impact: Attempt to change a user's shell on a webserver.
Corrective: Webservers should not be allowed to view or execute files and binaries
outside of their designated web root or cgi-bin. Whenever possible,
sensitive files and certain areas of the filesystem should have the
system immutable flag set to negate the use of the chsh command. On BSD
derived systems, setting the system's runtime securelevel also prevents
the securelevel from being changed. (Note: the securelevel can only be
increased.)