Ensure Home Directories are Created for New Users
An XCCDF Rule
Description
All local interactive user accounts, upon creation, should be assigned a home directory.
Configure the operating system to assign home directories to all new local interactive users by setting the CREATE_HOME
parameter in /etc/login.defs
to yes
as follows:
CREATE_HOME yes
Rationale
If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
- ID
- xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
- Severity
- Medium
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q shadow-utils; then
if [ -e "/etc/login.defs" ] ; then
LC_ALL=C sed -i "/^\s*CREATE_HOME\s\+/Id" "/etc/login.defs"
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-RHEL-09-411020
- accounts_have_homedir_login_defs