Navigate

Check: GEN000920

HP-UX 11.31 STIG: GEN000920 (in versions v1 r19 through v1 r13)

Title

The root account's home directory (other than /) must have mode 0700. (Cat II impact)

Discussion

Permissions greater than 0700 could allow unauthorized users access to the root home directory.

Check Content

Check the mode of the root home directory. Procedure: # cat /etc/passwd | grep "^root" | cut -f 6,6 -d ":" # ls -lLd <root home directory> If the mode of the directory is not equal to 0700, this is a finding. If the home directory is /, this check will be marked Not Applicable.

Fix Text

The root home directory will have permissions of 0700. Do not change the protections of the / directory. Use the following command to change protections for the root home directory: # chmod 0700 /rootdir.

Additional Identifiers

Rule ID: SV-38450r1_rule

Vulnerability ID: V-775

Group Title: GEN000920

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000225	The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-6	Least Privilege