S 4.22 Prevention of loss of confidentiality of sensitive data in the Unix system

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

With the Unix commands ps, finger, who and (for Unix SVR4) listusers, information can be obtained about a user (e.g. method of working). Consideration should be given as to whether or not every user should be allowed to execute these commands (data privacy, unauthorised disclosure of log-in names, and the like). In case of doubt, access to these commands should be restricted.

When commands are invoked, no sensitive information, e.g. a password, should be entered as a parameter, as other users could view this entry with ps.