Rule ID
SV-44901r1_rule
Version
V1R12
CCIs
Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other user home directories.
Determine if root is assigned a home directory other than / by listing its home directory.
Procedure:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'
If the root user home directory is /, this is a finding.The root home directory should be something other than / (such as /roothome). Procedure: # mkdir /rootdir # chown root /rootdir # chgrp root /rootdir # chmod 700 /rootdir # cp -r /.??* /rootdir/. Then, edit the passwd file and change the root home directory to /rootdir. The cp -r /.??* command copies all files and subdirectories of file names beginning with "." into the new root directory, which preserves the previous root environment. Ensure you are in the "/" directory when executing the "cp" command. _ OR Use the YaST ‘Security and Users’ > ‘User and Group Management’ module to update the home directory for root.