CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00230
Group -
All AlmaLinux OS 9 local interactive user accounts must be assigned a home directory upon creation.
If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.Rule Medium Severity -
SRG-OS-000480-GPOS-00230
Group -
SRG-OS-000480-GPOS-00230
Group -
SRG-OS-000480-GPOS-00230
Group -
AlmaLinux OS 9 must prevent code from being executed on file systems that contain user home directories.
The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. ...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
Group -
A separate file system must be used for user home directories (such as /home or an equivalent).
Ensuring that "/home" is mounted on its own partition enables the setting of more restrictive mount options, and also helps ensure that users cannot trivially fill partitions used for log or audit ...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.