Title

A separate RHEL 9 file system must be used for user home directories (such as /home or an equivalent). (Cat II impact)

Discussion

Ensuring that "/home" is mounted on its own partition enables the setting of more restrictive mount options, and also helps ensure that users cannot trivially fill partitions used for log or audit data storage.

Check Content

Verify that a separate file system/partition has been created for "/home" with the following command: $ mount | grep /home UUID=fba5000f-2ffa-4417-90eb-8c54ae74a32f on /home type ext4 (rw,nodev,nosuid,noexec,seclabel) If a separate entry for "/home" is not in use, this is a finding.

Fix Text

Migrate the "/home" directory onto a separate file system/partition.

Additional Identifiers

Rule ID: SV-257843r925516_rule

Vulnerability ID: V-257843

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.