Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-254197 | NUTX-OS-001100 | SV-254197r846679_rule | | Medium |
Description |
---|
Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users. |
STIG | Date |
---|---|
Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Check Text (C-57682r846677_chk) |
---|
Confirm that the assigned home directory of every local interactive user on Nutanix AOS has a mode of "0750" or less permissive. |
Step 1. Determine interactive users. |
$ sudo cat $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd) |
cat: /home/nutanix: Is a directory |
cat: /home/admin: Is a directory |
Step 2. Determine permissions on interactive users' home directories. |
$ sudo stat -c "%a %n" /home/admin |
750 /home/admin |
$ sudo stat -c "%a %n" /home/nutanix |
750 /home/nutanix |
If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding. |
Fix Text (F-57633r846678_fix) |
---|
Configure each interactive user's home directory to have a mode of "0750" or less permissive by running the command: $ sudo chmod 0750 [path to interactive user's home directory] |
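
The check above done in one pass, as an added example that is not part of the STIG text. It shows that "0750 or less permissive" has to be tested bit by bit rather than as a number. The function names (`mode_ok`, `interactive_homes`, `audit_homes`, `demo`) and the demo accounts are hypothetical, and GNU `stat` is assumed, as in the check text.

```shell
#!/bin/sh
# Added example (not from the STIG): audit interactive users' home directories.

# mode_ok MODE: succeed when MODE (octal digits from `stat -c %a`) sets no bit
# outside 0750. A numeric "<= 750" test is wrong: 707 is smaller than 750 yet
# grants "other" rwx. Special bits (setuid/setgid/sticky) are flagged as well,
# a strict reading chosen for this example.
mode_ok() {
    [ $(( 0$1 & ~0750 )) -eq 0 ]
}

# interactive_homes PASSWD_FILE: same selection as the check text
# (UID >= 1000 and a login shell that is not nologin).
interactive_homes() {
    awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' "$1"
}

# audit_homes PASSWD_FILE: print one OK/FINDING/MISSING line per home
# directory; exit status 1 if any directory is a finding.
audit_homes() {
    interactive_homes "$1" | (
        rc=0
        while IFS= read -r home; do
            if [ ! -d "$home" ]; then echo "MISSING $home"; continue; fi
            mode=$(stat -c '%a' "$home")
            if mode_ok "$mode"; then
                echo "OK $mode $home"
            else
                echo "FINDING $mode $home"; rc=1
            fi
        done
        exit "$rc"
    )
}

# demo: constructed accounts and directories under a temp dir (not real users).
demo() {
    d=$(mktemp -d)
    mkdir "$d/alice" "$d/bob" "$d/svc"
    chmod 0750 "$d/alice"; chmod 0707 "$d/bob"; chmod 0777 "$d/svc"
    printf '%s\n' "alice:x:1000:1000::$d/alice:/bin/bash" \
        "bob:x:1001:1001::$d/bob:/bin/bash" \
        "svc:x:1002:1002::$d/svc:/sbin/nologin" > "$d/passwd"
    audit_homes "$d/passwd"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live system, `sudo sh -c '. ./audit.sh; audit_homes /etc/passwd'` (with the block saved under the assumed name `audit.sh`) applies the same test to the real accounts.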