Check: AIX7-00-003140
IBM AIX 7.x STIG:
AIX7-00-003140
(in versions v3 r1 through v1 r1)
Title
The AIX root user home directory must not be the root directory (/). (Cat II impact)
Discussion
Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories.
Check Content
Determine if root is assigned a home directory other than "/" by listing its home directory by running command: # grep "^root" /etc/passwd | awk -F":" '{print $6}' /root If the root user's home directory is "/", this is a finding.
Fix Text
The root home directory should be something other than "/" (such as /root). Run commands: # mkdir /root # chown root /root # chgrp system /root # chmod 700 /root Then, edit the passwd file and change the root home directory to "/root".
Additional Identifiers
Rule ID: SV-215434r991592_rule
Vulnerability ID: V-215434
Group Title: SRG-OS-000480-GPOS-00230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |