Title

All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory. (Cat II impact)

Discussion

If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.

Check Content

Verify all SUSE operating system local interactive users on the system are assigned a home directory upon creation. Check to see if the system is configured to create home directories for local interactive users with the following command: # grep -i create_home /etc/login.defs CREATE_HOME yes If the value for "CREATE_HOME" parameter is not set to "yes", the line is missing, or the line is commented out, this is a finding.

Fix Text

Configure the SUSE operating system to assign home directories to all new local interactive users by setting the "CREATE_HOME" parameter in "/etc/login.defs" to "yes" as follows. CREATE_HOME yes

Additional Identifiers

Rule ID: SV-217171r603262_rule

Vulnerability ID: V-217171

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.