V-235004

CAT III (Low)

A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).

Rule ID

SV-235004r1184485_rule

STIG

SUSE Linux Enterprise Server 15 Security Technical Implementation Guide

Version

V2R7

CCIs

None

Discussion

The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.

Check Content

Verify that a separate file system/partition has been created for SUSE operating system nonprivileged local interactive user home directories.

Check the home directory assignment for all nonprivileged users (those with a UID greater than 1000) on the system with the following command:

> awk -F: '($3>=1000)&&($7 !~ /nologin/){print $1, $3, $6, $7}' /etc/passwd

disauser 1002 /home/disauser /bin/bash
doduser 1003 /home/doduser /bin/bash
doduser 1001 /home/doduser /bin/bash

The output of the command gives the directory/partition that contains the home directories for the nonprivileged users on the system (in this example, /home) and each user's shell. All accounts with a valid shell (such as /bin/bash) are considered interactive users.

Check that a file system/partition has been created for the nonprivileged interactive users with the following command:

Note: The partition of /home is used in the example.

> grep /home /etc/fstab
UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2

If a separate entry for the file system/partition that contains the nonprivileged interactive users' home directories does not exist, this is a finding.
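
The two check commands above can be combined into one script. The following is an added example, not part of the STIG text: it goes beyond the /home case by testing every interactive user's home directory against the mount points in fstab. The function names and the sample data in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example: automate the V-235004 check over passwd- and fstab-format files.

# List the home directories of interactive accounts (same filter as the STIG command).
interactive_homes() {
    awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' "$1" | sort -u
}

# Print the longest fstab mount point that contains path $2 (nothing if none).
covering_mount() {
    awk -v p="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }      # skip comments and blank lines
        {
            m = $2
            if (m != "/") sub(/\/+$/, "", m)      # normalise a trailing slash
            if (m == "/" || p == m || index(p, m "/") == 1)
                if (length(m) > length(best)) best = m
        }
        END { if (best != "") print best }' "$1"
}

# Return 0 if every interactive home sits under a non-root fstab entry, else 1.
# Home paths containing whitespace are not handled.
check_home_fs() {
    passwd_file=$1 fstab_file=$2 rc=0
    for home in $(interactive_homes "$passwd_file"); do
        mnt=$(covering_mount "$fstab_file" "$home")
        if [ -z "$mnt" ] || [ "$mnt" = "/" ]; then
            echo "FINDING: $home has no separate file system entry"
            rc=1
        else
            echo "OK: $home is under $mnt"
        fi
    done
    return $rc
}

# Constructed sample data (not from a real host), modelled on the output above.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'disauser:x:1002:100::/home/disauser:/bin/bash' \
    'svc:x:1005:100::/srv/svc:/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'UUID=111aaa00 / ext4 defaults 1 1' \
    'UUID=333ada18 /home ext4 noatime,nobarrier,nodev 1 2' > "$demo/fstab"
check_home_fs "$demo/passwd" "$demo/fstab"
rm -rf "$demo"
```

On a live system, call check_home_fs /etc/passwd /etc/fstab. An fstab entry only shows what is configured; findmnt --target /home shows which file system is actually mounted there.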

Fix Text

Create a separate file system/partition for SUSE operating system nonprivileged local interactive user home directories.

Migrate the nonprivileged local interactive user home directories onto the separate file system/partition.