STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide, Version 1, Release 4, Benchmark Date 24 Jan 2020: A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).

DISA Rule

SV-91957r3_rule

Vulnerability Number

V-77261

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010850

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Create a separate file system/partition for SUSE operating system non-privileged local interactive user home directories.

Migrate the non-privileged local interactive user home directories onto the separate file system/partition. Copy the existing directory tree with ownership, permissions, ACLs and extended attributes preserved (for example, rsync -aAX /home/ onto the new file system while it is mounted at a temporary location), then mount the new file system at /home and add a persistent entry for it to /etc/fstab so that the mount survives a reboot.

Check Contents

Verify that a separate file system/partition has been created for SUSE operating system non-privileged local interactive user home directories.

Check the home directory assignment for all non-privileged users (those with a UID of 1000 or greater; 1000 is the default UID_MIN in /etc/login.defs on SLES 12) on the system with the following command. The pattern matches UIDs 1000 through 4999 (it is unanchored, so it also matches longer UIDs whose first digit is 1 to 4); widen it if local accounts use UIDs outside that range:

# cut -d: -f 1,3,6,7 /etc/passwd | egrep ":[1-4][0-9]{3}" | tr ":" "\t"

adamsj 1002 /home/adamsj /bin/bash
jacksonm 1003 /home/jacksonm /bin/bash
smithj 1001 /home/smithj /bin/bash

The output lists, for each non-privileged user, the UID, the home directory (in this example all of them are under /home) and the login shell. All accounts with a valid login shell (such as /bin/bash) are considered interactive users; accounts whose shell is /sbin/nologin or /bin/false are not.

Check that a separate file system/partition has been created for the non-privileged interactive users' home directories with the following command:

Note: The partition of /home is used in the example.

# grep /home /etc/fstab
UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2

Read the second field of the matching line: it must be the mount point that holds the home directories (/home here), not merely a device path or comment that happens to contain the string /home. Because an fstab entry only declares the mount, also confirm it is active on the running system, for example with findmnt /home or df -P /home, which must show /home as its own mount point rather than as part of /.

If a separate entry for the file system/partition that contains the non-privileged interactive users' home directories does not exist, this is a finding.
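The check above can be automated. The following POSIX shell script is an added example, not part of the STIG or of STIGQter: it lists interactive non-privileged users from a passwd file (assuming the SLES 12 login.defs defaults UID_MIN=1000 and UID_MAX=60000; confirm these on the host), resolves each home directory to the fstab mount point that contains it, and reports a finding when that mount point is the root file system. The sample passwd and fstab contents are constructed for the demonstration, and the function names are the author's own.

```shell
#!/bin/sh
# Added example for the SLES-12-010850 check (not STIG or STIGQter code).
# Every function takes file paths, so the same logic runs against the live
# /etc/passwd and /etc/fstab or against the constructed samples below.

# Print interactive, non-privileged users as "user<TAB>uid<TAB>home<TAB>shell".
# UID bounds default to the SLES 12 login.defs defaults (UID_MIN=1000,
# UID_MAX=60000), an assumption to confirm on the target host.
# Accounts whose shell ends in nologin or false are not interactive.
interactive_users() {
    passwd_file=$1
    uid_min=${2:-1000}
    uid_max=${3:-60000}
    awk -F: -v min="$uid_min" -v max="$uid_max" '
        $3 >= min && $3 <= max && $7 !~ /(nologin|false)$/ {
            printf "%s\t%s\t%s\t%s\n", $1, $3, $6, $7
        }' "$passwd_file"
}

# Print the fstab mount point that contains directory $2: the longest mount
# point in $1 that is a path prefix of $2. Comment and blank lines are skipped.
# Prints "/" when no entry covers the directory (it lives on the root fs).
fstab_mount_for() {
    fstab_file=$1
    dir=$2
    awk -v dir="$dir" '
        /^[[:space:]]*(#|$)/ { next }
        {
            mp = $2
            if (mp == "/" || mp == dir || index(dir, mp "/") == 1) {
                if (length(mp) > length(best)) best = mp
            }
        }
        END { print (best == "" ? "/" : best) }' "$fstab_file"
}

# Report one line per interactive user (user, home, containing mount point,
# status). Status is FINDING when the home directory sits on the root file
# system. Returns 0 when every home is on a separate file system, else 1.
check_home_filesystem() {
    passwd_file=$1
    fstab_file=$2
    rc=0
    tab=$(printf '\t')
    while IFS="$tab" read -r user uid home shell; do
        [ -n "$user" ] || continue
        mp=$(fstab_mount_for "$fstab_file" "$home")
        if [ "$mp" = "/" ]; then status=FINDING; rc=1; else status=ok; fi
        printf '%-10s %-16s %-8s %s\n' "$user" "$home" "$mp" "$status"
    done <<EOF
$(interactive_users "$passwd_file")
EOF
    return $rc
}

# Constructed sample data (not taken from any real host): the three users
# from the STIG text plus system accounts that the check must ignore.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sshd:x:490:65:SSH daemon:/var/lib/sshd:/bin/false
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
smithj:x:1001:100::/home/smithj:/bin/bash
adamsj:x:1002:100::/home/adamsj:/bin/bash
jacksonm:x:1003:100::/home/jacksonm:/bin/bash
svc_batch:x:1004:100::/srv/batch:/sbin/nologin'

# Compliant fstab (dedicated /home) and non-compliant fstab (/home on root).
SAMPLE_FSTAB_OK='# <device> <mount point> <type> <options> <dump> <pass>
UUID=111aaa00 / ext4 defaults 1 1
UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2'
SAMPLE_FSTAB_BAD='UUID=111aaa00 / ext4 defaults 1 1
UUID=222bbb11 /var ext4 defaults 1 2'

# Write $1 to a temporary file and print its path; the caller removes it.
tmpfile_with() {
    f=$(mktemp) || return 1
    printf '%s\n' "$1" > "$f"
    printf '%s\n' "$f"
}

# Demo on the samples. On a live host: check_home_filesystem /etc/passwd /etc/fstab
pw=$(tmpfile_with "$SAMPLE_PASSWD")
ok=$(tmpfile_with "$SAMPLE_FSTAB_OK")
bad=$(tmpfile_with "$SAMPLE_FSTAB_BAD")
echo "== fstab with a separate /home =="
check_home_filesystem "$pw" "$ok" || echo "result: finding"
echo "== fstab without a separate /home =="
check_home_filesystem "$pw" "$bad" || echo "result: finding"
rm -f "$pw" "$ok" "$bad"
```

The script only reads /etc/fstab, so it proves that the mount is declared, not that it is active; pair it with findmnt /home on the running system. It also deliberately bounds UIDs from above so that nobody (UID 65534, which on SLES has /bin/bash as its shell) is not reported as an interactive user, something the STIG's four-digit pattern achieves only by accident.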

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2903

Comments