M1039 Environment Variable Permissions
Prevent modification of environment variables by unauthorized users and groups.
| Item | Value |
|---|---|
| ID | M1039 |
| Version | 1.0 |
| Created | 11 June 2019 |
| Last Modified | 11 June 2019 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Addressed by Mitigation
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1562 | Impair Defenses | - |
| enterprise | T1562.003 | Impair Command History Logging | Prevent users from changing the HISTCONTROL, HISTFILE, and HISTFILESIZE environment variables. 1 |
| enterprise | T1070 | Indicator Removal | - |
| enterprise | T1070.003 | Clear Command History | Making the environment variables associated with command history read only may ensure that the history is preserved.1 |