Navigate

Check: GEN000900

IRIX 6.5: GEN000900 (in versions v1 r1 through v1 r0.6)

Title

The root user's home directory must not be the root directory (/). (Cat III impact)

Discussion

Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories.

Check Content

Determine if root is assigned a home directory other than / by listing its home directory. Procedure: # grep "^root" /etc/passwd If the root user home directory is /, this is a finding.

Fix Text

The root home directory should be something other than / (such as /rootdir). Edit the passwd file and change the root home directory to /rootdir.

Additional Identifiers

Rule ID:

Vulnerability ID: V-774

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings