Check: GEN001460
HP-UX 11.23 STIG: GEN001460 (in version v1 r8)
Title
All interactive user home directories defined in the /etc/passwd file must exist. (Cat III impact)
Discussion
If a user has a home directory defined that does not exist, the user may be given the / directory, by default, as the current working directory upon logon. This could create a Denial of Service because the user would not be able to perform useful tasks in this location.
Check Content
Verify the consistency of the assigned home directories in the authentication database.

For Trusted Mode:
# authck -av
If any assigned home directory does not exist, this is a finding.

For SMSE:
# pwck
If any assigned home directory does not exist, this is a finding.
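The home-directory part of this check can also be scripted directly against the passwd file when a machine-readable list of findings is wanted. The following is an added example, not part of the STIG text: the function names, the output format, and the rule that an "interactive" account is one whose login shell does not end in /false or /nologin are assumptions, and the sample passwd entries are constructed.

```shell
#!/bin/sh
# Added example (not STIG text): report accounts whose home directory field is
# empty or does not name an existing directory. Output: name:uid:home
# Assumption: an account is "interactive" unless its shell ends in /false or /nologin.
missing_homes() {
    passwd_file=${1:-/etc/passwd}
    while IFS=: read -r name _pw uid _gid _gecos home shell || [ -n "$name" ]; do
        # Skip blank lines, comments and +/- compat entries.
        case $name in ''|'#'*|'+'*|'-'*) continue ;; esac
        # Skip accounts that cannot log in interactively (assumed rule).
        case $shell in */false|*/nologin) continue ;; esac
        if [ -z "$home" ]; then
            printf '%s:%s:(empty)\n' "$name" "$uid"
        elif [ ! -d "$home" ]; then
            printf '%s:%s:%s\n' "$name" "$uid" "$home"
        fi
    done < "$passwd_file"
}

# Constructed sample data: only alice's home directory is created.
demo() {
    tmp=${TMPDIR:-/tmp}/gen001460.$$
    (umask 077 && mkdir "$tmp") || return 1
    mkdir "$tmp/alice"
    cat > "$tmp/passwd" <<EOF
alice:x:101:20:constructed:$tmp/alice:/usr/bin/sh
bob:x:102:20:constructed:$tmp/bob:/usr/bin/ksh
carol:x:103:20:constructed::/usr/bin/sh
svc:x:104:20:constructed:$tmp/svc:/usr/bin/false
EOF
    missing_homes "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```

Any line printed by missing_homes corresponds to a finding under this check; run it with no argument to read /etc/passwd.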
Fix Text
Determine why the user home directory does not exist. Possible actions include account deletion or disablement. If the account is determined to be valid, create the home directory either manually (mkdir directoryname, copy the skeleton files into the directory, and chown the new directory and the skeleton files to the account name) or via the HP SMH/SAM utility.
Additional Identifiers
Rule ID: SV-38489r2_rule
Vulnerability ID: V-900
Group Title: GEN001460
CCIs
Number | Definition |
---|---|
CCI-000225 | The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
Number | Title |
---|---|
AC-6 | Least Privilege |