Skip to content

M1039 Environment Variable Permissions

Prevent modification of environment variables by unauthorized users and groups.

Item Value
ID M1039
Version 1.0
Created 11 June 2019
Last Modified 11 June 2019
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
enterprise T1562 Impair Defenses -
enterprise T1562.003 Impair Command History Logging Prevent users from changing the HISTCONTROL, HISTFILE, and HISTFILESIZE environment variables. 1
enterprise T1070 Indicator Removal on Host -
enterprise T1070.003 Clear Command History Making the environment variables associated with command history read only may ensure that the history is preserved.1

References

Back to top