STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The root user's home directory must not be the root directory (/).

DISA Rule

SV-226471r603265_rule

Vulnerability Number

V-226471

Group Title

SRG-OS-000480

Rule Version

GEN000900

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The root home directory should be something other than / (such as /rootdir).

Procedure:
# mkdir /rootdir
# chown root /rootdir
# chgrp root /rootdir
# chmod 700 /rootdir
# cp -r /.??* /rootdir

Edit the passwd file and change the root home directory to /rootdir. The cp -r /.??* command copies all files and subdirectories of file names beginning with "." into the new root directory, which preserves the previous root environment. The cp command must be executed from the / directory.

Check Contents

Determine if root is assigned a home directory other than / by listing its home directory.

Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'

If the root user home directory is /, this is a finding.

Vulnerability Number

V-226471

Documentable

False

Rule Version

GEN000900

Severity Override Guidance

Determine if root is assigned a home directory other than / by listing its home directory.

Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'

If the root user home directory is /, this is a finding.

Check Content Reference

M

Target Key

4060

Comments