All OL 8 local interactive user home directories must have mode "0750" or less permissive.

STIG ID: OL08-00-010730  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-248639

Vulnerability Discussion

Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.

Check

Verify the assigned home directory of all local interactive users has a mode of "0750" or less permissive with the following command.

Note: This may miss interactive users that have been assigned a privileged User Identifier (UID). Evidence of interactive use may be obtained from a number of log files containing system logon information.

$ sudo ls -ld $(awk -F: '($3>=1000)&&($1!="nobody"){print $6}' /etc/passwd)

drwxr-x--- 2 smithj admin 4096 Jun 5 12:41 smithj

If home directories of interactive users referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.

Fix

Change the mode of interactive users' home directories to "0750" using the following command.

Note: The example will be for the user "smithj".

$ sudo chmod 0750 /home/smithj
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.