1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
documentation_complete: true
title: Set Up a Private Namespace in PAM Configuration
description: |-
To setup a private namespace add the following line to <tt>/etc/pam.d/login</tt>:
<pre>session required pam_namespace.so</pre>
rationale: |-
The pam_namespace PAM module sets up a private namespace for a
session with polyinstantiated directories. A polyinstantiated directory
provides a different instance of itself based on user name, or when using
SELinux, user name, security context or both. The polyinstatied directories
can be used to dedicate separate temporary directories to each account.
severity: low
identifiers:
cce@rhel8: CCE-83744-3
cce@rhel10: CCE-90739-4
cce@sle12: CCE-91505-8
cce@sle15: CCE-91196-6
ocil_clause: |-
pam_namespace.so is not required or is commented out
ocil: |-
To check if pam_namespace.so is required for user login, run the following command:
<pre>$ grep pam_namespace.so /etc/pam.d/login</pre>
The output should return the following uncommented:
<pre>session required pam_namespace.so</pre>
platform: package[pam]
|
