Title

All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist. (Cat II impact)

Discussion

All users must be assigned a home directory in the passwd file. Failure to have a home directory may result in the user being put in the root directory. This could create a Denial of Service because the user would not be able to perform useful tasks in this location.

Check Content

Verify each interactive user is assigned a home directory: # cut -d: -f1,6 /etc/passwd root srvproxy doejohn If an interactive user is not assigned a home directory, this is a finding. Verify that the interactive user home directories exist on the system: # cut -d: -f6 /etc/passwd | xargs -n1 ls -ld drwxr-xr-x 2 doejohn staff 256 Jan 25 13:18 /home/doejohn drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy drwx------ 2 root system 256 Jan 30 12:54 /root If any interactive user home directory does not exist, this is a finding.

Fix Text

Remove any unauthorized accounts with no home directory. If the account is valid, create the home directory using the appropriate system administration utility or process.

Additional Identifiers

Rule ID: SV-215435r508663_rule

Vulnerability ID: V-215435

Group Title: SRG-OS-000480-GPOS-00230

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.