SV-226533r603265_rule
V-226533
SRG-OS-000480
GEN001550
CAT II
10
Change the group of any file that is not group-owned by a group of which the home directory's owner is a member.
# chgrp <user's primary group> <file with bad group ownership>
Check the contents of user home directories for files group-owned by a group of which the home directory's owner is not a member.
1. List the user accounts.
# cut -d : -f 1 /etc/passwd
2. For each user account, get a list of GIDs for files in the user's home directory.
# find <user's home directory> -exec ls -lLd {} \;
3. Obtain the list of GIDs associated with the user's account.
# id <user name>
4. Check the GID lists. If there are GIDs in the file list not present in the user list, this is a finding.
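The four check steps above, combined into one POSIX shell sketch. This is an added example, not part of the STIG text: the function names are hypothetical, `id -G` is assumed to be available, numeric GIDs are compared (`ls -n`), and file names containing newlines are not handled.

```shell
#!/bin/sh
# GEN001550 check sketch (added example; helper names are hypothetical).

# gid_allowed GID "G1 G2 ...": succeed if GID is an exact member of the list.
gid_allowed() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# foreign_group_files DIR "G1 G2 ...": print "GID<TAB>PATH" for every entry
# under DIR whose numeric group is not in the list (steps 2 and 4).
foreign_group_files() {
    scan_dir=$1
    member_gids=$2
    find "$scan_dir" -print 2>/dev/null | while IFS= read -r path; do
        # -n prints numeric IDs, so field 4 is the GID; -L follows symlinks
        # as in the check text.
        gid=$(ls -lLdn "$path" 2>/dev/null | awk '{ print $4; exit }')
        [ -n "$gid" ] || continue      # unreadable entry or dangling symlink
        gid_allowed "$gid" "$member_gids" || printf '%s\t%s\n' "$gid" "$path"
    done
}

# audit_all_homes: steps 1 and 3 for every account in /etc/passwd.
# Any output line (USER, GID, PATH) is a finding.
audit_all_homes() {
    while IFS=: read -r user x x x x home x; do
        # Accounts whose home is "/" would pull in the whole filesystem.
        [ -d "$home" ] && [ "$home" != "/" ] || continue
        user_gids=$(id -G "$user" 2>/dev/null) || continue
        foreign_group_files "$home" "$user_gids" |
            awk -v u="$user" '{ print u "\t" $0 }'
    done < /etc/passwd
}

# Run the full audit only when asked: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_all_homes
fi
```

Run it as root so that every home directory is readable; entries that cannot be read are skipped silently and need a separate review.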
False
M
4060