Rule Check: Home Directory Has No Device Files
The Home Directory Has No Device Files check searches the home directory of the specified user or users to verify that none of the files in the directory is a block or character device. The check fails for any specified user whose home directory contains one or more block or character device files.
(The presence in a user's home directory of a device file—which would normally be in the /dev directory—could be a strong indicator of an intrusion.)
The check is indeterminate for any user whose account does not exist, or who has no defined home directory, or whose defined home directory does not actually exist.
Note: The search is recursive, including all subdirectories of the home directory. All files, including device files and fifos, are checked. Symlinks are examined for ownership but their targets are not examined. Information is returned only on files that fail the check, and only on the first 1000 failures in each home directory.
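The following sketch reproduces the pass, fail and indeterminate logic described above. It is an added example, not the product's own implementation; the names `scan_home`, `check_user`, `is_device` and `demo` are assumptions made for illustration.

```python
import os
import pwd
import stat
import tempfile

MAX_FAILURES = 1000  # the page reports only the first 1000 failures per home


def is_device(mode):
    """True for block or character device modes; FIFOs and others pass."""
    return stat.S_ISBLK(mode) or stat.S_ISCHR(mode)


def scan_home(home, limit=MAX_FAILURES):
    """Return (status, device_paths) for one home directory."""
    if not home or not os.path.isdir(home):
        return "indeterminate", []
    found = []
    # os.walk does not descend into symlinked directories by default.
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            path = os.path.join(root, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if is_device(mode):
                found.append(path)
                if len(found) >= limit:
                    return "fail", found
    return ("fail" if found else "pass"), found


def check_user(name):
    """Look the account up by name (not UID), then scan its home."""
    try:
        home = pwd.getpwnam(name).pw_dir
    except KeyError:
        return "indeterminate", []  # account does not exist
    return scan_home(home)


def demo():
    # Constructed sample: a temp "home" with a regular file and a FIFO.
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, "sub"))
        open(os.path.join(home, "sub", "notes.txt"), "w").close()
        os.mkfifo(os.path.join(home, "pipe"))
        return scan_home(home)
```

Creating a real device node to exercise the fail path requires root (`mknod`), so the constructed sample only covers the pass case; any path returned with status `fail` should be treated as a finding to investigate.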
The list of names to check. This is a single account name, or a comma-delimited list of account names (maximum length = 255 characters), or the keyword ALL (must be capitalized - "all" is treated as a username). The UID cannot be used. Wildcards are not supported. Extra spaces are ignored. All usernames are case-sensitive.
Use the NOT operator to specify that all users except the specified ones should be checked.
Some valid examples are:
Some examples that will not work:
Remedial Suggestion (optional)