UCF STIG Viewer Logo

All files and directories contained in user home directories must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22352 GEN001570 SV-37188r1_rule ECLP-1 Medium
Description
Excessive permissions allow unauthorized access to user files.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-37530r1_chk )
Check the contents of user home directories for files with extended ACLs.
# cut -d : -f 6 /etc/passwd | xargs -n1 -IDIR ls -alLR DIR
If the permissions include a '+', the file has an extended ACL. If the file has an extended ACL and it has not been documented with the IAO, this is a finding.

Fix Text (F-32776r1_fix)
Remove the extended ACL from the file.
# setfacl --remove-all