Set Up a Private Namespace in PAM Configuration
An XCCDF Rule
Description
To setup a private namespace add the following line to /etc/pam.d/login
:
session required pam_namespace.so
Rationale
The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both. The polyinstatied directories can be used to dedicate separate temporary directories to each account.
- ID
- xccdf_org.ssgproject.content_rule_enable_pam_namespace
- Severity
- Low
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-83743-5
- enable_pam_namespace
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q pam; then
if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then
echo "session required pam_namespace.so" >> "/etc/pam.d/login"
fi