Check: GEN000920
Solaris 10 X86 STIG:
GEN000920
(in versions v2 r4 through v1 r17)
Title
The root account's home directory (other than /) must have mode 0700. (Cat II impact)
Discussion
Permissions greater than 0700 could allow unauthorized users access to the root home directory.
Check Content
Check the mode of the root home directory. Procedure: # grep "^root" /etc/passwd | awk -F":" '{print $6}' # ls -ld <root home directory> If the mode of the directory is not equal to 0700, this is a finding. If the home directory is /, this is not applicable.
Fix Text
The root home directory will have permissions of 0700. Do not change the protections of the / directory. Use the following command to change protections for the root home directory. # chmod 0700 /rootdir.
Additional Identifiers
Rule ID: SV-227598r854469_rule
Vulnerability ID: V-227598
Group Title: SRG-OS-000326
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002233 |
The information system prevents organization-defined software from executing at higher privilege levels than users executing the software. |
Controls
Number | Title |
---|---|
AC-6 (8) |
Privilege Levels For Code Execution |