RHEL7 STIG Compliance
Summary
A US Fed customer notes that the default GitLab install fails on several points of configuration and permissions. Specifically:
v-204468 The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories have mode 0750 or less permissive.
The users git creates have their home directories set to places other than /home. Because of this, and because of the permissions set on these non-standard homedirs, the STIG check fails this rule.
findings:
v-204469 The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are owned by their respective users.
The following users either need to have their shell set to /sbin/nologin or /bin/false, OR their homedirs need to be owned by them.
findings:
v-204470 The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group.
The following users either need to have their shell set to /sbin/nologin or /bin/false, OR their homedirs need to have their group ownership set to the user's primary group.
findings:
v-204472 The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories are group-owned by a group of which the home directory owner is a member.
All users created by the GitLab install either need to have their shell set to /sbin/nologin or /bin/false, OR the files in their configured homedirs need to have their group ownership set to the user's primary group.
findings: Too many files to list.
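The first three rules above (v-204468, v-204469, v-204470) can be checked per account from passwd data. The following is an added example, not part of the original report or of GitLab's code: the function name `audit_home_dirs`, the `missing-home` label and the list of shells treated as non-interactive are assumptions made here.

```python
import os
import stat

# Assumption: an account is non-interactive when its shell is one of these.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}


def audit_home_dirs(passwd_text):
    """Return (user, rule, detail) tuples for interactive accounts.

    passwd_text is the content of a passwd(5)-format file.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # comment, blank or malformed entry
        user, _, uid, gid, _, home, shell = fields
        if shell in NOLOGIN_SHELLS:
            continue  # the rules only apply to interactive users
        try:
            st = os.stat(home)
        except OSError as exc:
            # "missing-home" is a label used here, not a STIG rule ID.
            findings.append((user, "missing-home", f"{home}: {exc.strerror}"))
            continue
        perms = stat.S_IMODE(st.st_mode)
        # Any group-write or "other" bit makes the mode more permissive than 0750.
        if perms & 0o027:
            findings.append((user, "v-204468", f"{home} has mode {perms:04o}"))
        if st.st_uid != int(uid):
            findings.append((user, "v-204469", f"{home} is owned by uid {st.st_uid}"))
        if st.st_gid != int(gid):
            findings.append((user, "v-204470", f"{home} is group-owned by gid {st.st_gid}"))
    return findings


if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for user, rule, detail in audit_home_dirs(fh.read()):
            print(f"{rule}\t{user}\t{detail}")
```

Run before and after changing a service account's shell or home directory ownership to confirm the finding clears.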
Using this benchmark