The AIX root user home directory must not be the root directory (/).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215434 | AIX7-00-003140 | SV-215434r991592_rule | CCI-000366 | medium |
| Description | ||||
| Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-215434r991592_chk)
Determine if root is assigned a home directory other than "/" by listing its home directory by running command:
# grep "^root" /etc/passwd | awk -F":" '{print $6}'
/root
If the root user's home directory is "/", this is a finding.
Fix Text (F-16630r294754_fix)
The root home directory should be something other than "/" (such as /root).
Run commands:
# mkdir /root
# chown root /root
# chgrp system /root
# chmod 700 /root
Then, edit the passwd file and change the root home directory to "/root".