Title

The root shell must be located in the / file system. (Cat III impact)

Discussion

To ensure the root shell is available in repair and administrative modes, the root shell must be located in the / file system.

Check Content

Determine if /usr has a dedicated file system. Procedure: # grep /usr /etc/fstab If /usr is on a dedicated file system, check the location of root's default shell. Procedure: # grep "^root:" /etc/passwd | grep ":/usr" If the root shell is found to be on a /usr dedicated file system, this is a finding.

Fix Text

Change the root account's shell to one present on the / file system. Procedure: Edit /etc/passwd and change the shell for the root account to one present on the / file system (such as /bin/sh, assuming /bin is not on a separate file system). If the system does not store shell configuration in the /etc/passwd file, consult vendor documentation for the correct procedure for the system.

Additional Identifiers

Rule ID: SV-1062r2_rule

Vulnerability ID: V-1062

Group Title: GEN001080

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.