STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-235004r622137_rule
V-235004
SRG-OS-000480-GPOS-00227
SLES-15-040200
CAT III
10
Create a separate file system/partition for SUSE operating system non-privileged local interactive user home directories.
Migrate the non-privileged local interactive user home directories onto the separate file system/partition.
Verify that a separate file system/partition has been created for SUSE operating system non-privileged local interactive user home directories.
Check the home directory assignment for all non-privileged users (those with a UID greater than 1000) on the system with the following command:
> awk -F: '($3>=1000)&&($7 !~ /nologin/){print $1, $3, $6, $7}' /etc/passwd
adamsj 1002 /home/adamsj /bin/bash
jacksonm 1003 /home/jacksonm /bin/bash
smithj 1001 /home/smithj /bin/bash
The output of the command will give the directory/partition that contains the home directories for the non-privileged users on the system (in this example, /home) and user's shell. All accounts with a valid shell (such as /bin/bash) are considered interactive users.
Check that a file system/partition has been created for the non-privileged interactive users with the following command:
Note: The partition of /home is used in the example.
> grep /home /etc/fstab
UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2
If a separate entry for the file system/partition that contains the non-privileged interactive users' home directories does not exist, this is a finding.
V-235004
False
SLES-15-040200
Verify that a separate file system/partition has been created for SUSE operating system non-privileged local interactive user home directories.
Check the home directory assignment for all non-privileged users (those with a UID greater than 1000) on the system with the following command:
> awk -F: '($3>=1000)&&($7 !~ /nologin/){print $1, $3, $6, $7}' /etc/passwd
adamsj 1002 /home/adamsj /bin/bash
jacksonm 1003 /home/jacksonm /bin/bash
smithj 1001 /home/smithj /bin/bash
The output of the command will give the directory/partition that contains the home directories for the non-privileged users on the system (in this example, /home) and user's shell. All accounts with a valid shell (such as /bin/bash) are considered interactive users.
Check that a file system/partition has been created for the non-privileged interactive users with the following command:
Note: The partition of /home is used in the example.
> grep /home /etc/fstab
UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2
If a separate entry for the file system/partition that contains the non-privileged interactive users' home directories does not exist, this is a finding.
M
5274