{"description": "fapolicyd needs to be configured so that users cannot give access to their home folders to other users.", "rationale": "Users' home directories/folders may contain information of a sensitive nature.\nNon-privileged users should coordinate any sharing of information with a System Administrator (SA) through shared resources.\nfapolicyd can confine users to their home directory, not allowing them to make any changes outside of their own home directories.\nConfining users to their home directory will minimize the risk of sharing information.", "severity": "medium", "references": {"nist": ["CM-6 b"], "srg": ["SRG-OS-000480-GPOS-00230"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "This rule is deprecated and there is no replacement at this time.\nPrevious versions of this rule provided fixtext that would cause fapolicyd not to start."}], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.", "vuldiscussion": "Users' home directories/folders may contain information of a sensitive nature.\nNon-privileged users should coordinate any sharing of information with a System Administrator (SA) through shared resources.\nfapolicyd can confine users to their home directory, not allowing them to make any changes outside of their own home directories.\nConfining users to their home directory will minimize the risk of sharing information.", "checktext": "Verify that fapolicyd on Ubuntu 22.04 prevents the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.\n\nRun the following command:\n\ngrep -r \"deny_audit perm=chmod path=/home\" /etc/fapolicyd/rules.d", "fixtext": "Configure fapolicyd to limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders.\n\nAdd or edit the following lines in /etc/fapolicyd/rules.d/90-deny-home.\n\ndeny_audit perm=chmod path=/home all : all\n\nNote: fapolicyd must have correctly configured rules. All configurations will be based on the actual system setup and organizational policies and practices."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "fapolicyd Must be Configured to Limit Access to Users Home Folders", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/fapolicyd/fapolicyd_prevent_home_folder_access/rule.yml", "template": null}