Ensure /home Located On Separate Partition

An XCCDF Rule

Description

If user home directories will be stored locally, create a separate partition for /home at installation time (or migrate it later using LVM). If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at installation time, and the mountpoint can instead be configured later.

Rationale

Ensuring that /home is mounted on its own partition enables the setting of more restrictive mount options, and also helps ensure that users cannot trivially fill partitions used for log or audit data storage.

ID: xccdf_org.ssgproject.content_rule_partition_for_home
Severity: Low
References: BP28(R12)

12 15 8

APO13.01 DSS05.02

CCI-000366 CCI-001208

SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.13.1.1 A.13.2.1 A.14.1.3

CM-6(a) SC-5(2)

PR.PT-4

SRG-OS-000480-GPOS-00227

SV-204493r603840_rule

1.1.2.3.1
Updated: about 1 year ago


part /home


[[customizations.filesystem]]
mountpoint = "/home"
size = 1073741824

Ensure /home Located On Separate Partition

Description

Rationale

Remediation - Anaconda Pre-Install Instructions

Remediation - OS Build Blueprint