STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group.

DISA Rule

SV-221731r603795_rule

Vulnerability Number

V-221731

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

OL07-00-020650

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group owner of a local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:

Note: The example will be for the user "smithj", who has a home directory of "/home/smithj", and has a primary group of users.

# chgrp users /home/smithj

Check Contents

Verify the assigned home directory of all local interactive users is group-owned by that user's primary GID.

Check the home directory assignment for all local interactive users on the system with the following command:

# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)

-rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj

Check the user's primary group with the following command:

# grep users /etc/group

users:x:250:smithj,jonesj,jacksons

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Vulnerability Number

V-221731

Documentable

False

Rule Version

OL07-00-020650

Severity Override Guidance

Verify the assigned home directory of all local interactive users is group-owned by that user's primary GID.

Check the home directory assignment for all local interactive users on the system with the following command:

# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)

-rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj

Check the user's primary group with the following command:

# grep users /etc/group

users:x:250:smithj,jonesj,jacksons

If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.

Check Content Reference

M

Target Key

4089

Comments