Check: GEN000920
Solaris 10 SPARC STIG: GEN000920 (in versions v2 r4 through v1 r19)
Title
The root account's home directory (other than /) must have mode 0700. (Cat II impact)
Discussion
Permissions greater than 0700 could allow unauthorized users access to the root home directory.
Check Content
Check the mode of the root home directory.
Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'
# ls -ld <root home directory>
If the mode of the directory is not equal to 0700, this is a finding. If the home directory is /, this is not applicable.
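The check above as a script, as an added example that is not part of the STIG text; the function names root_home and check_root_home and the return codes are assumptions made here. It matches the account name exactly, so an account such as rootkit, which grep "^root" would also return, is ignored.

```shell
#!/bin/sh
# Added example for GEN000920; not part of the STIG.
# root_home, check_root_home and the return codes are hypothetical names
# and conventions chosen for this illustration.
# Backticks are used instead of $(...) so the script also runs under a
# legacy Bourne shell.

# Print the home directory (field 6) of the entry whose name is exactly
# "root" in the given passwd file (default: /etc/passwd).
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "${1:-/etc/passwd}"
}

# Return codes: 0 = compliant, 1 = finding, 2 = not applicable,
# 3 = the check could not be performed.
check_root_home() {
    home=`root_home "$1"`
    [ -n "$home" ] || { echo "ERROR: no root entry found"; return 3; }
    # The STIG exempts / and says its protections must not be changed.
    [ "$home" = "/" ] && { echo "NOT APPLICABLE: root home is /"; return 2; }
    [ -d "$home" ] || { echo "ERROR: $home is not a directory"; return 3; }
    # The first 10 characters of ls -ld are the file type and mode bits.
    # Cutting there drops a trailing ACL marker such as "+", and any
    # setuid, setgid or sticky bit shows up as a mismatch.
    perms=`ls -ld "$home" | cut -c1-10`
    if [ "$perms" = "drwx------" ]; then
        echo "PASS: $home has mode 0700"
        return 0
    fi
    echo "FINDING: $home is $perms, expected drwx------ (0700)"
    return 1
}

# Usage: check_root_home            (audits /etc/passwd)
#        check_root_home /path/to/passwd-copy
```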
Fix Text
The root home directory will have permissions of 0700. Do not change the protections of the / directory. Use the following command to change protections for the root home directory.
# chmod 0700 /rootdir
Additional Identifiers
Rule ID: SV-226472r854404_rule
Vulnerability ID: V-226472
Group Title: SRG-OS-000326
CCIs
Number | Definition |
---|---|
CCI-002233 | The information system prevents organization-defined software from executing at higher privilege levels than users executing the software. |
Controls
Number | Title |
---|---|
AC-6 (8) | Privilege Levels For Code Execution |