Title

The root shell must be located in the / file system. (Cat III impact)

Discussion

To ensure the root shell is available in repair and administrative modes, the root shell must be located in the / file system.

Check Content

Determine if roots shell executable resides on a dedicated file system. Procedure: Find the location of the root users shell # grep "^root" /etc/passwd|cut -d: -f7|cut -d/ -f2 The result is the top level directory under / where the shell resides (ie. usr) Check if it is on a dedicated file system. # grep /<top level directory> /etc/fstab If /<top level directory> is on a dedicated file system, this is a finding.

Fix Text

Change the root account's shell to one present on the / file system. Procedure: Edit /etc/passwd and change the shell for the root account to one present on the / file system (such as /bin/sh, assuming /bin is not on a separate file system). If the system does not store shell configuration in the /etc/passwd file, consult vendor documentation for the correct procedure for the system.

Additional Identifiers

Rule ID: SV-44918r1_rule

Vulnerability ID: V-1062

Group Title: GEN001080

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.