STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

All home directories must be owned by the respective user assigned to it in /etc/passwd.

DISA Rule

SV-216188r603268_rule

Vulnerability Number

V-216188

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-070090

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The root role is required.

Correct the owner of any directory that does not match the password file entry for that user.

# chown [user] [home directory]

Check Contents

The root role is required.

Check that home directories are owned by the correct user.

# export IFS=":"; logins -uxo | while read user uid group gid gecos home rest; do
    result=$(find "${home}" -type d -prune \! -user "${user}" -print 2>/dev/null);
    if [ ! -z "${result}" ]; then
        echo "User: ${user}\tOwner: $(ls -ld "${home}" | awk '{ print $3 }')";
    fi;
done

If any output is produced, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4021

Comments