{"description": "When a user logs into a Unix account, the system\nconfigures the user's session by reading a number of files. Many of\nthese files are located in the user's home directory, and may have\nweak permissions as a result of user error or misconfiguration. If\nan attacker can modify or even read certain types of account\nconfiguration information, they can often gain full access to the\naffected user's account. Therefore, it is important to test and\ncorrect configuration file permissions for interactive accounts,\nparticularly those of privileged users such as root or system\nadministrators.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_accounts_fail_delay", "var_accounts_max_concurrent_login_sessions", "var_accounts_tmout", "var_user_initialization_files_regex"], "groups": ["root_paths", "user_umask"], "rules": ["accounts_have_homedir_login_defs", "accounts_logon_fail_delay", "accounts_max_concurrent_login_sessions", "accounts_polyinstantiated_tmp", "accounts_polyinstantiated_var_tmp", "accounts_tmout", "accounts_user_dot_group_ownership", "accounts_user_dot_no_world_writable_programs", "accounts_user_dot_user_ownership", "accounts_user_home_paths_only", "accounts_user_interactive_home_directory_defined", "accounts_user_interactive_home_directory_exists", "accounts_users_home_files_groupownership", "accounts_users_home_files_ownership", "accounts_users_home_files_permissions", "accounts_users_netrc_file_permissions", "accounts_users_own_home_directories", "file_groupownership_home_directories", "file_groupownership_lastlog", "file_ownership_home_directories", "file_ownership_lastlog", "file_permission_user_bash_history", "file_permission_user_init_files", "file_permission_user_init_files_root", "file_permissions_home_directories", "file_permissions_home_dirs", "file_permissions_lastlog"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Secure Session Configuration Files for Login Accounts", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/group.yml"}