This bunch is fun. For instance, if (for whatever reason), you're using local accounts with NFS home directories, this check is going to be relatively useless if autofs is enabled.
Also, for 0206220, I use the PAM mkhomedir plugin to ensure that all users end up with a home directory upon first login. Making that non-optional will incur a failed login if the directory can't be created and is, I think, a better approach than pre-creating the directories. So, some of these checks are fine for a stand-alone system but relatively pointless in an Enterprise architecture. Trevor On Thu, Jun 1, 2017 at 3:57 PM, Sean <[email protected]> wrote: > Hi SCAP folks... > > I am curious what anyone working on the RHEL 7 STIG Alignment or > remediation thinks about these controls relating to "interactive user" home > directories. Is this something you see fit to implement through a > remediation script? It's one thing to setup a new system that complies > with these rules before new users start using it, but running a script to > correct this kind of stuff on an existing system seems like inviting a lot > of trouble. > > Also, clearly there is nothing new in these controls specific to RHEL7, > should we expect to see these controls pushed into the RHEL6 STIG too? > > Thanks for your thoughts! > > --Sean > > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
