Check: UBTU-16-010750
Canonical Ubuntu STIG:
UBTU-16-010750
(in versions v1 r2 through v1 r1)
Title
All local interactive user home directories must have mode 0750 or less permissive. (Cat II impact)
Discussion
Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.
Check Content
Verify the assigned home directory of all local interactive users has a mode of "0750" or less permissive. Check the home directory assignment for all non-privileged users with the following command: Note: This may miss interactive users that have been assigned a privileged User Identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information. # ls -ld $(awk -F: '($3>=1000)&&($1!="nobody"){print $6}' /etc/passwd) drwxr-x--- 2 smithj admin 4096 Jun 5 12:41 smithj If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.
Fix Text
Change the mode of interactive user’s home directories to "0750". To change the mode of a local interactive user’s home directory, use the following command: Note: The example will be for the user "smithj". # chmod 0750 /home/smithj
Additional Identifiers
Rule ID: SV-90245r1_rule
Vulnerability ID: V-75565
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |