
Nutanix AOS must be configured so that all local interactive user home directories have mode "0750" or less permissive.


Overview

Finding ID: V-254197
Version: NUTX-OS-001100
Rule ID: SV-254197r846679_rule
IA Controls:
Severity: Medium
Description
Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.
STIG: Nutanix AOS 5.20.x OS Security Technical Implementation Guide
Date: 2022-08-24

Details

Check Text (C-57682r846677_chk)
Confirm that the assigned home directory of every local interactive user on Nutanix AOS has a mode of "0750" or less permissive.

Step 1. Determine interactive users
$ sudo cat $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
cat: /home/nutanix: Is a directory
cat: /home/admin: Is a directory

Step 2. Determine permissions on interactive users' home directories.
$ sudo stat -c "%a %n" /home/admin
750 /home/admin

$ sudo stat -c "%a %n" /home/nutanix
750 /home/nutanix

If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.
Fix Text (F-57633r846678_fix)
Configure each interactive user's home directory to have a mode of "0750" or less permissive by running the command:

$ sudo chmod 0750 [path to interactive users home directory]
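
The two check steps combined into one audit, as an added example that is not part of the STIG text. The function names are hypothetical, and "less permissive" is tested as a bitmask because a mode such as 705 is numerically lower than 750 yet still grants access to other users.

```shell
#!/bin/sh
# Added example: audit home directories against "0750 or less permissive".
# Function names are hypothetical; stat -c is the GNU form used in the check text.

# mode_ok MODE -> exit 0 when the octal MODE grants nothing beyond 0750.
# The permission bits outside 0750 are group-write (0020) and all
# "other" bits (0007), so any overlap with 0027 is a finding.
mode_ok() {
    [ $(( 0$1 & 0027 )) -eq 0 ]
}

# interactive_homes [PASSWD_FILE] -> one home directory per line, using the
# same filter as Step 1 (UID >= 1000 and a login shell that is not nologin).
interactive_homes() {
    awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' "${1:-/etc/passwd}"
}

# audit_homes [PASSWD_FILE] -> prints one PASS/FINDING line per directory
# and returns non-zero if at least one directory is a finding.
audit_homes() {
    interactive_homes "$1" | {
        rc=0
        while IFS= read -r home; do
            if [ ! -d "$home" ]; then
                echo "SKIP    - $home (not a directory)"
                continue
            fi
            mode=$(stat -c '%a' "$home")
            if mode_ok "$mode"; then
                echo "PASS    $mode $home"
            else
                echo "FINDING $mode $home"
                rc=1
            fi
        done
        exit "$rc"
    }
}

# Usage on the target system, as a user able to stat every home directory:
#   audit_homes /etc/passwd
```
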