Environment Variable Permissions

Prevent modification of environment variables by unauthorized users and groups.

ID: M1039
Version: 1.0
Created: 11 June 2019
Last Modified: 11 June 2019

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1562 .003 Impair Defenses: Impair Command History Logging

Prevent users from changing the HISTCONTROL, HISTFILE, and HISTFILESIZE environment variables. [1]

Enterprise T1070 .003 Indicator Removal on Host: Clear Command History

Making the environment variables associated with command history read only may ensure that the history is preserved.[1]

References