STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The root account's home directory (other than /) must have mode 0700.

DISA Rule

SV-226472r603265_rule

Vulnerability Number

V-226472

Group Title

SRG-OS-000326

Rule Version

GEN000920

Severity

CAT II

CCI(s)

• CCI-002233 - The information system prevents organization-defined software from executing at higher privilege levels than users executing the software.

Weight

10

Fix Recommendation

The root home directory will have permissions of 0700. Do not change the protections of the / directory. Use the following command to change protections for the root home directory.
# chmod 0700 /rootdir.

Check Contents

Check the mode of the root home directory.

Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'
# ls -ld <root home directory>

If the mode of the directory is not equal to 0700, this is a finding. If the home directory is /, this is not applicable.

Vulnerability Number

V-226472

Documentable

False

Rule Version

GEN000920

Severity Override Guidance

Check the mode of the root home directory.

Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'
# ls -ld <root home directory>

If the mode of the directory is not equal to 0700, this is a finding. If the home directory is /, this is not applicable.

Check Content Reference

M

Target Key

4060

Comments