All Interactive Users Must Have A Home Directory Defined
An XCCDF Rule
Description
Assign home directories to all interactive users that currently do not
have a home directory assigned.
This rule checks if the home directory is properly defined in a folder which has
at least one parent folder, like "user" in "/home/user" or "/remote/users/user".
Therefore, this rule will report a finding for home directories like /users, /tmp or /.
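The check described above, as an added example that is not part of the original rule content: a read-only shell audit that lists the accounts this rule would flag without changing anything. The function names and the sample passwd entries are constructed for illustration; the UID thresholds 1000 and 65534 are the ones used by the remediation script on this page.

```shell
#!/bin/sh
# Read-only audit: print "user:home" for every interactive account whose
# home directory would be reported by this rule. Nothing is modified.

UID_MIN=1000       # assumption: same lower bound as the page's remediation
NOBODY_UID=65534   # assumption: same excluded UID as the page's remediation

# find_bad_homes FILE  (hypothetical helper name)
find_bad_homes() {
    awk -F':' -v min="$UID_MIN" -v nobody="$NOBODY_UID" '
        $3 >= min && $3 != nobody {
            # A valid home needs a parent folder: /<parent>/<name>...
            if ($6 !~ /^\/[A-Za-z0-9_]*\/[A-Za-z0-9_]+/)
                printf "%s:%s\n", $1, $6
        }' "$1"
}

# write_sample FILE: constructed passwd entries, not taken from a real system
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/users:/bin/bash
carol:x:1002:1002:Carol:/tmp:/bin/bash
dave:x:1003:1003:Dave:/:/bin/bash
erin:x:1004:1004:Erin:/remote/users/erin:/bin/bash
frank:x:1005:1005:Frank::/bin/bash
EOF
}

# Demo run on the constructed sample; use find_bad_homes /etc/passwd on a host.
sample=$(mktemp)
write_sample "$sample"
find_bad_homes "$sample"
rm -f "$sample"
```

An empty home field (frank in the sample) is reported along with /users, /tmp and /, while system accounts below UID 1000 and UID 65534 are skipped.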
Rationale
If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
- ID
- xccdf_org.ssgproject.content_rule_accounts_user_interactive_home_directory_defined
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
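for user in $(awk -F':' '{ if ($3 >= 1000 && $3 != 65534) print $1 }' /etc/passwd); do
    # This follows the same logic of evaluation of home directories as used in OVAL.
    # Select the account by exact name and test only its home directory field.
    if ! awk -F':' -v u="$user" '$1 == u { print $6 }' /etc/passwd | grep -q '^\/\w*\/\w\{1,\}'; then
        # Anchor on the start of the line so only this account's entry is rewritten.
        sed -i "s/^\($user:x:[0-9]*:[0-9]*:.*:\).*\(:.*\)$/\1\/home\/$user\2/g" /etc/passwd;
    fi
done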
Remediation - Ansible
- name: Get all local users from /etc/passwd
  ansible.builtin.getent:
    database: passwd
    split: ':'
  tags:
  - DISA-STIG-RHEL-07-020600