On 6/4/17 2:12 PM, Trevor Vaughan wrote: > This bunch is fun. > > For instance, if (for whatever reason), you're using local accounts > with NFS home directories, this check is going to be relatively > useless if autofs is enabled. > > Also, for 0206220, I use the PAM mkhomedir plugin to ensure that all > users end up with a home directory upon first login. Making that > non-optional will incur a failed login if the directory can't be > created and is, I think, a better approach than pre-creating the > directories. > > So, some of these checks are fine for a stand-alone system but > relatively pointless in an Enterprise architecture. >
awesome approach. I'll lobby with DISA to have those rules replaced by mkhomedir. _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
