All files and directories contained in user home directories must have mode 0750 or less permissive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-915	GEN001560	SV-63837r1_rule		Low

Description
Excessive permissions allow unauthorized access to user files.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2018-03-01

Details

Check Text ( C-52373r2_chk )
For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750. Procedure: # find / ! -fstype nfs ! \( -name .bashrc -o -name .bash_login -o -name .bash_logout -o -name .bash_profile -o -name .cshrc -o -name .kshrc -o -name .login -o -name .logout -o -name .profile -o -name .tcshrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \; If user home directories contain files or directories more permissive than 0750, this is a finding.

Check Text ( C-52373r2_chk )

For each user in the /etc/passwd file, check for files and directories with a mode more permissive than 0750.

Procedure:
# find / ! -fstype nfs ! \( -name .bashrc -o -name .bash_login -o -name .bash_logout -o -name .bash_profile -o -name .cshrc -o -name .kshrc -o -name .login -o -name .logout -o -name .profile -o -name .tcshrc -o -name .env -o -name .dtprofile -o -name .dispatch -o -name .emacs -o -name .exrc \) \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 -o -perm -2000 -o -perm -4000 \) -exec ls -ld {} \;

If user home directories contain files or directories more permissive than 0750, this is a finding.

Fix Text (F-54411r1_fix)
Change the mode of files and directories within user home directories to 0750. Procedure: # chmod 0750 filename Document all changes.