
All files and directories contained in user home directories must have mode 0750 or less permissive.


Overview

Finding ID: V-915
Version: GEN001560
Rule ID: SV-38498r1_rule
IA Controls: ECLP-1
Severity: Low
Description
Excessive permissions allow unauthorized access to user files.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-09-14

Details

Check Text ( C-36341r5_chk )
For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750. NOTE the following exclusions/exemptions: HP installed users "hpsmh" and "cimsrvr". Note that some home directories "may" restrict access to their files.
# find / ! -fstype nfs ! \( -name .login -o -name .cshrc -o -name .logout -o -name .profile -o -name .bash_profile -o -name .bashrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \;

Or

# ls -lLR `cat /etc/passwd | cut -f 6,6 -d ":"` | more

If user home directories contain files or directories more permissive than 0750, this is a finding.
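The check above, scoped to each account's home directory and with the two exempt accounts skipped, as an added example that is not part of the STIG. The names PASSWD_FILE, EXEMPT_USERS, list_homes, find_permissive and audit_homes are assumptions of this example, and NFS-mounted home directories are not filtered out.

```shell
#!/bin/sh
# Added example (not part of the STIG): per-account audit of home directory contents.
# PASSWD_FILE, EXEMPT_USERS and the function names are assumptions of this example.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
EXEMPT_USERS="${EXEMPT_USERS:-hpsmh cimsrvr}"  # exemptions named in the check text

# Print "user:home" for each non-exempt account with an existing home directory.
# A home of "/" is skipped so the walk never becomes a whole-system scan.
list_homes() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        case " $EXEMPT_USERS " in *" $user "*) continue ;; esac
        [ "$home" != "/" ] && [ -d "$home" ] || continue
        printf '%s:%s\n' "$user" "$home"
    done < "$PASSWD_FILE"
}

# List entries below one home directory that carry any bit outside 0750.
# Same -perm tests and init-file exclusions as the check text; symbolic links
# are skipped because chmod acts on the link target, not on the link itself.
find_permissive() {
    find "$1" ! -type l \
        ! \( -name .login -o -name .cshrc -o -name .logout -o -name .profile \
             -o -name .bash_profile -o -name .bashrc -o -name .env \
             -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \
        \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 \
           -o -perm -2000 -o -perm -4000 \) -print
}

# Report "user path" for every finding, so each one can be traced to an owner.
audit_homes() {
    list_homes | while IFS=: read -r user home; do
        find_permissive "$home" | while IFS= read -r path; do
            printf '%s %s\n' "$user" "$path"
        done
    done
}

# Run the audit only when asked: sh audit_homes.sh --run
if [ "${1:-}" = "--run" ]; then audit_homes; fi
```

Each output line pairs the account name with an offending path, which gives the list needed for the "Document all changes" step of the fix.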
Fix Text (F-31596r1_fix)
Change the mode of files and directories within user home directories to 0750.

Procedure:
# chmod 0750 filename

Document all changes.