STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

All SUSE operating system local interactive user home directories must be group-owned by the home directory owners primary group.

DISA Rule

SV-217174r603889_rule

Vulnerability Number

V-217174

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010750

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group owner of a SUSE operating system local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj", and has a primary group of users.

# chgrp users /home/smithj

Check Contents

Verify the assigned home directory of all SUSE operating system local interactive users is group-owned by that user's primary GID.

Check the home directory assignment for all non-privileged users on the system with the following command:

Note: This may miss local interactive users that have been assigned a privileged UID. Evidence of interactive use may be obtained from a number of log files containing system logon information. The returned directory "/home/smithj" is used as an example.

# awk -F: '($3>=1000)&&($7 !~ /nologin/){print $4, $6}' /etc/passwd
250 /home/smithj

Check the user's primary group with the following command:

# grep users /etc/group
users:x:250:smithj,jonesj,jacksons

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Vulnerability Number

V-217174

Documentable

False

Rule Version

SLES-12-010750

Severity Override Guidance

Verify the assigned home directory of all SUSE operating system local interactive users is group-owned by that user's primary GID.

Check the home directory assignment for all non-privileged users on the system with the following command:

Note: This may miss local interactive users that have been assigned a privileged UID. Evidence of interactive use may be obtained from a number of log files containing system logon information. The returned directory "/home/smithj" is used as an example.

# awk -F: '($3>=1000)&&($7 !~ /nologin/){print $4, $6}' /etc/passwd
250 /home/smithj

Check the user's primary group with the following command:

# grep users /etc/group
users:x:250:smithj,jonesj,jacksons

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Check Content Reference

M

Target Key

4033

Comments