From 609444a47fb6ccc21b628e5899c4913ccc8d0d48 Mon Sep 17 00:00:00 2001 
From: Charles Herlin
Date: Thu, 12 Sep 2019 17:43:12 +0200
Subject: [PATCH] Renum User and Groups settings 13.x to 6.2.x
renamed: bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
renamed: bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
renamed: bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
renamed: bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
renamed: bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
renamed: bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
renamed: bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
renamed: bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
renamed: bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
renamed: bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
renamed: bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
renamed: bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
renamed: tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
renamed: tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
renamed: tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
renamed: tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
renamed: tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
renamed: tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
renamed: tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
renamed: tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
renamed: tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
renamed: tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
renamed: tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
---
 ....sh => 6.2.10_check_user_dot_file_perm.sh} | 2 +-
 ...s.sh => 6.2.11_find_user_forward_files.sh} | 2 +-
 ...les.sh => 6.2.12_find_user_netrc_files.sh} | 2 +-
 ...rc.sh => 6.2.13_set_perm_on_user_netrc.sh} | 4 +-
 ...es.sh => 6.2.14_find_user_rhosts_files.sh} | 2 +-
 ...2.15_find_passwd_group_inconsistencies.sh} | 2 +-
 ...e_uid.sh => 6.2.16_check_duplicate_uid.sh} | 4 +-
 ...e_gid.sh => 6.2.17_check_duplicate_gid.sh} | 4 +-
 ....sh => 6.2.18_check_duplicate_username.sh} | 2 +-
 ...sh => 6.2.19_check_duplicate_groupname.sh} | 2 +-
 ...h => 6.2.1_remove_empty_password_field.sh} | 2 +-
 ..._empty.sh => 6.2.20_shadow_group_empty.sh} | 2 +-
 ... => 6.2.2_remove_legacy_passwd_entries.sh} | 2 +-
 ... => 6.2.3_remove_legacy_shadow_entries.sh} | 2 +-
 ...h => 6.2.4_remove_legacy_group_entries.sh} | 2 +-
 ...h => 6.2.5_find_0_uid_non_root_account.sh} | 2 +-
 ...ot_path.sh => 6.2.6_sanitize_root_path.sh} | 2 +-
 ...r_perm.sh => 6.2.8_check_user_dir_perm.sh} | 2 +-
 ...omedir.sh => 6.2.9_users_valid_homedir.sh} | 40 ++++++++++++++++---
 ....sh => 6.2.10_check_user_dot_file_perm.sh} | 0
 ...r.sh => 6.2.11_find_user_forward_files.sh} | 0
 ...ame.sh => 6.2.12_find_user_netrc_files.sh} | 0
 ...me.sh => 6.2.13_set_perm_on_user_netrc.sh} | 0
 ...2.15_find_passwd_group_inconsistencies.sh} | 0
 ...e_uid.sh => 6.2.16_check_duplicate_uid.sh} | 0
 ...e_gid.sh => 6.2.17_check_duplicate_gid.sh} | 0
 ....sh => 6.2.18_check_duplicate_username.sh} | 0
 ...sh => 6.2.19_check_duplicate_groupname.sh} | 0
 ...h => 6.2.1_remove_empty_password_field.sh} | 0
 ...ntries.sh => 6.2.20_shadow_group_empty.sh} | 0
 ... => 6.2.2_remove_legacy_passwd_entries.sh} | 0
 ... => 6.2.3_remove_legacy_shadow_entries.sh} | 0
 ...h => 6.2.4_remove_legacy_group_entries.sh} | 0
 ...h => 6.2.5_find_0_uid_non_root_account.sh} | 0
 ...ir_perm.sh => 6.2.6_sanitize_root_path.sh} | 0
 ...e_perm.sh => 6.2.8_check_user_dir_perm.sh} | 0
 ..._netrc.sh => 6.2.9_users_valid_homedir.sh} | 0
 37 files changed, 56 insertions(+), 26 deletions(-)
 rename bin/hardening/{13.8_check_user_dot_file_perm.sh => 6.2.10_check_user_dot_file_perm.sh} (97%)
 rename bin/hardening/{13.19_find_user_forward_files.sh => 6.2.11_find_user_forward_files.sh} (96%)
 rename bin/hardening/{13.18_find_user_netrc_files.sh => 6.2.12_find_user_netrc_files.sh} (96%)
 rename bin/hardening/{13.9_set_perm_on_user_netrc.sh => 6.2.13_set_perm_on_user_netrc.sh} (94%)
 rename bin/hardening/{13.10_find_user_rhosts_files.sh => 6.2.14_find_user_rhosts_files.sh} (96%)
 rename bin/hardening/{13.11_find_passwd_group_inconsistencies.sh => 6.2.15_find_passwd_group_inconsistencies.sh} (95%)
 rename bin/hardening/{13.14_check_duplicate_uid.sh => 6.2.16_check_duplicate_uid.sh} (96%)
 rename bin/hardening/{13.15_check_duplicate_gid.sh => 6.2.17_check_duplicate_gid.sh} (95%)
 rename bin/hardening/{13.16_check_duplicate_username.sh => 6.2.18_check_duplicate_username.sh} (96%)
 rename bin/hardening/{13.17_check_duplicate_groupname.sh => 6.2.19_check_duplicate_groupname.sh} (96%)
 rename bin/hardening/{13.1_remove_empty_password_field.sh => 6.2.1_remove_empty_password_field.sh} (97%)
 rename bin/hardening/{13.20_shadow_group_empty.sh => 6.2.20_shadow_group_empty.sh} (97%)
 rename bin/hardening/{13.2_remove_legacy_passwd_entries.sh => 6.2.2_remove_legacy_passwd_entries.sh} (96%)
 rename bin/hardening/{13.3_remove_legacy_shadow_entries.sh => 6.2.3_remove_legacy_shadow_entries.sh} (96%)
 rename bin/hardening/{13.4_remove_legacy_group_entries.sh => 6.2.4_remove_legacy_group_entries.sh} (96%)
 rename bin/hardening/{13.5_find_0_uid_non_root_account.sh => 6.2.5_find_0_uid_non_root_account.sh} (97%)
 rename bin/hardening/{13.6_sanitize_root_path.sh => 6.2.6_sanitize_root_path.sh} (98%)
 rename bin/hardening/{13.7_check_user_dir_perm.sh => 6.2.8_check_user_dir_perm.sh} (98%)
 rename bin/hardening/{13.12_users_valid_homedir.sh => 6.2.9_users_valid_homedir.sh} (54%)
 rename tests/hardening/{13.11_find_passwd_group_inconsistencies.sh => 6.2.10_check_user_dot_file_perm.sh} (100%)
 rename tests/hardening/{13.12_users_valid_homedir.sh => 6.2.11_find_user_forward_files.sh} (100%)
 rename tests/hardening/{13.16_check_duplicate_username.sh => 6.2.12_find_user_netrc_files.sh} (100%)
 rename tests/hardening/{13.17_check_duplicate_groupname.sh => 6.2.13_set_perm_on_user_netrc.sh} (100%)
 rename tests/hardening/{13.18_find_user_netrc_files.sh => 6.2.15_find_passwd_group_inconsistencies.sh} (100%)
 rename tests/hardening/{13.14_check_duplicate_uid.sh => 6.2.16_check_duplicate_uid.sh} (100%)
 rename tests/hardening/{13.15_check_duplicate_gid.sh => 6.2.17_check_duplicate_gid.sh} (100%)
 rename tests/hardening/{13.19_find_user_forward_files.sh => 6.2.18_check_duplicate_username.sh} (100%)
 rename tests/hardening/{13.1_remove_empty_password_field.sh => 6.2.19_check_duplicate_groupname.sh} (100%)
 rename tests/hardening/{13.20_shadow_group_empty.sh => 6.2.1_remove_empty_password_field.sh} (100%)
 rename tests/hardening/{13.2_remove_legacy_passwd_entries.sh => 6.2.20_shadow_group_empty.sh} (100%)
 rename tests/hardening/{13.3_remove_legacy_shadow_entries.sh => 6.2.2_remove_legacy_passwd_entries.sh} (100%)
 rename tests/hardening/{13.4_remove_legacy_group_entries.sh => 6.2.3_remove_legacy_shadow_entries.sh} (100%)
 rename tests/hardening/{13.6_sanitize_root_path.sh => 6.2.4_remove_legacy_group_entries.sh} (100%)
 rename tests/hardening/{13.5_find_0_uid_non_root_account.sh => 6.2.5_find_0_uid_non_root_account.sh} (100%)
 rename tests/hardening/{13.7_check_user_dir_perm.sh => 6.2.6_sanitize_root_path.sh} (100%)
 rename tests/hardening/{13.8_check_user_dot_file_perm.sh => 6.2.8_check_user_dir_perm.sh} (100%)
 rename tests/hardening/{13.9_set_perm_on_user_netrc.sh => 6.2.9_users_valid_homedir.sh} (100%)
diff --git a/bin/hardening/13.8_check_user_dot_file_perm.sh b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
similarity index 97%
rename from bin/hardening/13.8_check_user_dot_file_perm.sh
rename to bin/hardening/6.2.10_check_user_dot_file_perm.sh
index f4d702b..6aac5d5 100755
--- a/bin/hardening/13.8_check_user_dot_file_perm.sh
+++ b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.8 Check User Dot File Permissions (Scored)
+# 6.2.10 Ensure users' dot files are not group or world writable (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.19_find_user_forward_files.sh b/bin/hardening/6.2.11_find_user_forward_files.sh
similarity index 96%
rename from bin/hardening/13.19_find_user_forward_files.sh
rename to bin/hardening/6.2.11_find_user_forward_files.sh
index e26926b..f14af16 100755
--- a/bin/hardening/13.19_find_user_forward_files.sh
+++ b/bin/hardening/6.2.11_find_user_forward_files.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.19 Check for Presence of User .forward Files (Scored)
+# 6.2.11 Ensure no users have .forward files (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.18_find_user_netrc_files.sh b/bin/hardening/6.2.12_find_user_netrc_files.sh
similarity index 96%
rename from bin/hardening/13.18_find_user_netrc_files.sh
rename to bin/hardening/6.2.12_find_user_netrc_files.sh
index f475474..6a59b08 100755
--- a/bin/hardening/13.18_find_user_netrc_files.sh
+++ b/bin/hardening/6.2.12_find_user_netrc_files.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.18 Check for Presence of User .netrc Files (Scored)
+# 6.2.12 Ensure no users have .netrc files (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.9_set_perm_on_user_netrc.sh b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
similarity index 94%
rename from bin/hardening/13.9_set_perm_on_user_netrc.sh
rename to bin/hardening/6.2.13_set_perm_on_user_netrc.sh
index c73de7e..3c271db 100755
--- a/bin/hardening/13.9_set_perm_on_user_netrc.sh
+++ b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
@@ -5,14 +5,14 @@
 #
 #
-# 13.9 Check Permissions on User .netrc Files (Scored)
+# 6.2.13 Ensure users' .netrc Files are not group or world accessible (Scored)
 #
 set -e # One error, it's over
 set -u # One variable unset, it's over
 HARDENING_LEVEL=2
-DESCRIPTION="Check user permissions on .netrc file."
+DESCRIPTION="Ensure users' .netrc Files are not group or world accessible"
 PERMISSIONS="600"
 ERRORS=0
diff --git a/bin/hardening/13.10_find_user_rhosts_files.sh b/bin/hardening/6.2.14_find_user_rhosts_files.sh
similarity index 96%
rename from bin/hardening/13.10_find_user_rhosts_files.sh
rename to bin/hardening/6.2.14_find_user_rhosts_files.sh
index 0148ab0..a131747 100755
--- a/bin/hardening/13.10_find_user_rhosts_files.sh
+++ b/bin/hardening/6.2.14_find_user_rhosts_files.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.10 Check for Presence of User .rhosts Files (Scored)
+# 6.2.14 Ensure no users have .rhosts files (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.11_find_passwd_group_inconsistencies.sh b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
similarity index 95%
rename from bin/hardening/13.11_find_passwd_group_inconsistencies.sh
rename to bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
index 208454e..ddbc05d 100755
--- a/bin/hardening/13.11_find_passwd_group_inconsistencies.sh
+++ b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.11 Check Groups in /etc/passwd (Scored)
+# 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.14_check_duplicate_uid.sh b/bin/hardening/6.2.16_check_duplicate_uid.sh
similarity index 96%
rename from bin/hardening/13.14_check_duplicate_uid.sh
rename to bin/hardening/6.2.16_check_duplicate_uid.sh
index fcdc175..891b75d 100755
--- a/bin/hardening/13.14_check_duplicate_uid.sh
+++ b/bin/hardening/6.2.16_check_duplicate_uid.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.14 Check for Duplicate UIDs (Scored)
+# 6.2.16 Ensure no duplicate UIDs exist (Scored)
 #
 set -e # One error, it's over
@@ -14,7 +14,7 @@ set -u # One variable unset, it's over
 # shellcheck disable=2034
 HARDENING_LEVEL=2
 # shellcheck disable=2034
-DESCRIPTION="Checking for duplicate UIDs."
+DESCRIPTION="Ensure no duplicate UIDs exist"
 EXCEPTIONS=""
 ERRORS=0
diff --git a/bin/hardening/13.15_check_duplicate_gid.sh b/bin/hardening/6.2.17_check_duplicate_gid.sh
similarity index 95%
rename from bin/hardening/13.15_check_duplicate_gid.sh
rename to bin/hardening/6.2.17_check_duplicate_gid.sh
index f4ca580..8212da2 100755
--- a/bin/hardening/13.15_check_duplicate_gid.sh
+++ b/bin/hardening/6.2.17_check_duplicate_gid.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.15 Check for Duplicate GIDs (Scored)
+# 6.2.17 Ensure no duplicate GIDs exist (Scored)
 #
 set -e # One error, it's over
@@ -14,7 +14,7 @@ set -u # One variable unset, it's over
 # shellcheck disable=2034
 HARDENING_LEVEL=2
 # shellcheck disable=2034
-DESCRIPTION="There is no duplicate GIDs."
+DESCRIPTION="Ensure no duplicate GIDs exist"
 ERRORS=0
diff --git a/bin/hardening/13.16_check_duplicate_username.sh b/bin/hardening/6.2.18_check_duplicate_username.sh
similarity index 96%
rename from bin/hardening/13.16_check_duplicate_username.sh
rename to bin/hardening/6.2.18_check_duplicate_username.sh
index 02b4c89..27a8743 100755
--- a/bin/hardening/13.16_check_duplicate_username.sh
+++ b/bin/hardening/6.2.18_check_duplicate_username.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.16 Check for Duplicate User Names (Scored)
+# 6.2.18 Ensure no duplicate user names exist (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.17_check_duplicate_groupname.sh b/bin/hardening/6.2.19_check_duplicate_groupname.sh
similarity index 96%
rename from bin/hardening/13.17_check_duplicate_groupname.sh
rename to bin/hardening/6.2.19_check_duplicate_groupname.sh
index 589982b..94a8ab5 100755
--- a/bin/hardening/13.17_check_duplicate_groupname.sh
+++ b/bin/hardening/6.2.19_check_duplicate_groupname.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.17 Check for Duplicate Group Names (Scored)
+# 6.2.19 Ensure no duplicate group names exist (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.1_remove_empty_password_field.sh b/bin/hardening/6.2.1_remove_empty_password_field.sh
similarity index 97%
rename from bin/hardening/13.1_remove_empty_password_field.sh
rename to bin/hardening/6.2.1_remove_empty_password_field.sh
index d5351ad..c378e6c 100755
--- a/bin/hardening/13.1_remove_empty_password_field.sh
+++ b/bin/hardening/6.2.1_remove_empty_password_field.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.1 Ensure Password Fields are Not Empty (Scored)
+# 6.2.1 Ensure Password Fields are Not Empty (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.20_shadow_group_empty.sh b/bin/hardening/6.2.20_shadow_group_empty.sh
similarity index 97%
rename from bin/hardening/13.20_shadow_group_empty.sh
rename to bin/hardening/6.2.20_shadow_group_empty.sh
index 0d2acd3..7bf1108 100755
--- a/bin/hardening/13.20_shadow_group_empty.sh
+++ b/bin/hardening/6.2.20_shadow_group_empty.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.20 Ensure shadow group is empty (Scored)
+# 6.2.20 Ensure shadow group is empty (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.2_remove_legacy_passwd_entries.sh b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
similarity index 96%
rename from bin/hardening/13.2_remove_legacy_passwd_entries.sh
rename to bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
index f3ca853..7254e32 100755
--- a/bin/hardening/13.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
+# 6.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.3_remove_legacy_shadow_entries.sh b/bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
similarity index 96%
rename from bin/hardening/13.3_remove_legacy_shadow_entries.sh
rename to bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
index 83dcbf7..5b6cece 100755
--- a/bin/hardening/13.3_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
+# 6.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.4_remove_legacy_group_entries.sh b/bin/hardening/6.2.4_remove_legacy_group_entries.sh
similarity index 96%
rename from bin/hardening/13.4_remove_legacy_group_entries.sh
rename to bin/hardening/6.2.4_remove_legacy_group_entries.sh
index 9fcf2f0..d01f0a5 100755
--- a/bin/hardening/13.4_remove_legacy_group_entries.sh
+++ b/bin/hardening/6.2.4_remove_legacy_group_entries.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
+# 6.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.5_find_0_uid_non_root_account.sh b/bin/hardening/6.2.5_find_0_uid_non_root_account.sh
similarity index 97%
rename from bin/hardening/13.5_find_0_uid_non_root_account.sh
rename to bin/hardening/6.2.5_find_0_uid_non_root_account.sh
index 130c70b..5b3dca2 100755
--- a/bin/hardening/13.5_find_0_uid_non_root_account.sh
+++ b/bin/hardening/6.2.5_find_0_uid_non_root_account.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.5 Verify No UID 0 Accounts Exist Other Than root (Scored)
+# 6.2.5 Ensure root is the only UID 0 account (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.6_sanitize_root_path.sh b/bin/hardening/6.2.6_sanitize_root_path.sh
similarity index 98%
rename from bin/hardening/13.6_sanitize_root_path.sh
rename to bin/hardening/6.2.6_sanitize_root_path.sh
index 57b3dc1..d833525 100755
--- a/bin/hardening/13.6_sanitize_root_path.sh
+++ b/bin/hardening/6.2.6_sanitize_root_path.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.6 Ensure root PATH Integrity (Scored)
+# 6.2.6 Ensure root PATH Integrity (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.7_check_user_dir_perm.sh b/bin/hardening/6.2.8_check_user_dir_perm.sh
similarity index 98%
rename from bin/hardening/13.7_check_user_dir_perm.sh
rename to bin/hardening/6.2.8_check_user_dir_perm.sh
index 48f5170..ff552d9 100755
--- a/bin/hardening/13.7_check_user_dir_perm.sh
+++ b/bin/hardening/6.2.8_check_user_dir_perm.sh
@@ -5,7 +5,7 @@
 #
 #
-# 13.7 Check Permissions on User Home Directories (Scored)
+# 6.2.8 Check Permissions on User Home Directories (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.12_users_valid_homedir.sh b/bin/hardening/6.2.9_users_valid_homedir.sh
similarity index 54%
rename from bin/hardening/13.12_users_valid_homedir.sh
rename to bin/hardening/6.2.9_users_valid_homedir.sh
index 809cad7..5179fd1 100755
--- a/bin/hardening/13.12_users_valid_homedir.sh
+++ b/bin/hardening/6.2.9_users_valid_homedir.sh
@@ -5,34 +5,64 @@
 #
 #
-# 13.12 Check That Users Are Assigned Valid Home Directories (Scored)
+# 6.2.9 Ensure users own their home directories (Scored)
 #
 set -e # One error, it's over
 set -u # One variable unset, it's over
 HARDENING_LEVEL=2
-DESCRIPTION="Users are assigned valid home directories."
+DESCRIPTION="Ensure users own their home directories"
 ERRORS=0
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+ debug "Checking homedir exists"
 RESULT=$(cat /etc/passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
- for LINE in $RESULT; do
+ for LINE in $RESULT; do
 debug "Working on $LINE"
 USER=$(awk -F: {'print $1'} <<< $LINE)
 USERID=$(awk -F: {'print $2'} <<< $LINE)
 DIR=$(awk -F: {'print $3'} <<< $LINE)
 if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
 crit "The home directory ($DIR) of user $USER does not exist."
- ERRORS=$((ERRORS+1))
+ ERRORS=$((ERRORS+1))
 fi
 done
 if [ $ERRORS = 0 ]; then
 ok "All home directories exists"
- fi
+ fi
+ debug "Checking homedir ownership"
+ RESULT=$(awk -F: '{ print $1 ":" $3 ":" $6 }' /etc/passwd )
+ for LINE in $RESULT; do
+ debug "Working on $LINE"
+ USER=$(awk -F: '{print $1}' <<< "$LINE")
+ USERID=$(awk -F: '{print $2}' <<< "$LINE")
+ DIR=$(awk -F: '{print $3}' <<< "$LINE")
+ if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
+ OWNER=$(stat -L -c "%U" "$DIR")
+ if [ "$OWNER" != "$USER" ]; then
+ EXCEP_FOUND=0
+ for excep in $EXCEPTIONS; do
+ if [ "$DIR:$USER:$OWNER" = "$excep" ]; then
+ ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)."
+ EXCEP_FOUND=1
+ break
+ fi
+ done
+ if [ "$EXCEP_FOUND" -eq 0 ]; then
+ crit "The home directory ($DIR) of user $USER is owned by $OWNER."
+ ERRORS=$((ERRORS+1))
+ fi
+ fi
+ fi
+ done
+
+ if [ $ERRORS = 0 ]; then
+ ok "All home directories have correct ownership"
+ fi
 }
 # This function will be called if the script status is on enabled mode
diff --git a/tests/hardening/13.11_find_passwd_group_inconsistencies.sh b/tests/hardening/6.2.10_check_user_dot_file_perm.sh
similarity index 100%
rename from tests/hardening/13.11_find_passwd_group_inconsistencies.sh
rename to tests/hardening/6.2.10_check_user_dot_file_perm.sh
diff --git a/tests/hardening/13.12_users_valid_homedir.sh b/tests/hardening/6.2.11_find_user_forward_files.sh
similarity index 100%
rename from tests/hardening/13.12_users_valid_homedir.sh
rename to tests/hardening/6.2.11_find_user_forward_files.sh
diff --git a/tests/hardening/13.16_check_duplicate_username.sh b/tests/hardening/6.2.12_find_user_netrc_files.sh
similarity index 100%
rename from tests/hardening/13.16_check_duplicate_username.sh
rename to tests/hardening/6.2.12_find_user_netrc_files.sh
diff --git a/tests/hardening/13.17_check_duplicate_groupname.sh b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh
similarity index 100%
rename from tests/hardening/13.17_check_duplicate_groupname.sh
rename to tests/hardening/6.2.13_set_perm_on_user_netrc.sh
diff --git a/tests/hardening/13.18_find_user_netrc_files.sh b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
similarity index 100%
rename from tests/hardening/13.18_find_user_netrc_files.sh
rename to tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
diff --git a/tests/hardening/13.14_check_duplicate_uid.sh b/tests/hardening/6.2.16_check_duplicate_uid.sh
similarity index 100%
rename from tests/hardening/13.14_check_duplicate_uid.sh
rename to tests/hardening/6.2.16_check_duplicate_uid.sh
diff --git a/tests/hardening/13.15_check_duplicate_gid.sh b/tests/hardening/6.2.17_check_duplicate_gid.sh
similarity index 100%
rename from tests/hardening/13.15_check_duplicate_gid.sh
rename to tests/hardening/6.2.17_check_duplicate_gid.sh
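Review bot: The new ownership loop expands `for excep in $EXCEPTIONS; do`, but nothing in this hunk defines `EXCEPTIONS` (the variable block shows only `HARDENING_LEVEL`, `DESCRIPTION` and `ERRORS=0`) and the file runs under `set -u`, so on the first host with a mis-owned home directory the script aborts on an unset variable instead of emitting the crit — unless a sourced library or per-check config sets it, which I cannot see from here. The sibling 6.2.16 hunk declares `EXCEPTIONS=""` next to `ERRORS=0`; do the same here, or expand it defensively as `for excep in ${EXCEPTIONS:-}; do`. The ownership pass also uses `[ "$USERID" -ge 500 ]` while the existence pass earlier in the same `audit` function uses `-ge 1000`, so accounts in the 500–999 range are silently skipped by one check and flagged by the other; align both thresholds (1000 is Debian's default UID_MIN) unless the lower bound is intentional, and say so in a comment. Both passes still word-split `$RESULT` on whitespace, so a home path containing a space becomes two garbage entries; reading `/etc/passwd` with `while IFS=: read -r USER _ USERID _ _ DIR _` avoids that and the per-user `awk` forks. Finally, the test file for this check is a 100% rename, so the new ownership and exception branches ship without coverage.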
diff --git a/tests/hardening/13.19_find_user_forward_files.sh b/tests/hardening/6.2.18_check_duplicate_username.sh
similarity index 100%
rename from tests/hardening/13.19_find_user_forward_files.sh
rename to tests/hardening/6.2.18_check_duplicate_username.sh
diff --git a/tests/hardening/13.1_remove_empty_password_field.sh b/tests/hardening/6.2.19_check_duplicate_groupname.sh
similarity index 100%
rename from tests/hardening/13.1_remove_empty_password_field.sh
rename to tests/hardening/6.2.19_check_duplicate_groupname.sh
diff --git a/tests/hardening/13.20_shadow_group_empty.sh b/tests/hardening/6.2.1_remove_empty_password_field.sh
similarity index 100%
rename from tests/hardening/13.20_shadow_group_empty.sh
rename to tests/hardening/6.2.1_remove_empty_password_field.sh
diff --git a/tests/hardening/13.2_remove_legacy_passwd_entries.sh b/tests/hardening/6.2.20_shadow_group_empty.sh
similarity index 100%
rename from tests/hardening/13.2_remove_legacy_passwd_entries.sh
rename to tests/hardening/6.2.20_shadow_group_empty.sh
diff --git a/tests/hardening/13.3_remove_legacy_shadow_entries.sh b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
similarity index 100%
rename from tests/hardening/13.3_remove_legacy_shadow_entries.sh
rename to tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
diff --git a/tests/hardening/13.4_remove_legacy_group_entries.sh b/tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
similarity index 100%
rename from tests/hardening/13.4_remove_legacy_group_entries.sh
rename to tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
diff --git a/tests/hardening/13.6_sanitize_root_path.sh b/tests/hardening/6.2.4_remove_legacy_group_entries.sh
similarity index 100%
rename from tests/hardening/13.6_sanitize_root_path.sh
rename to tests/hardening/6.2.4_remove_legacy_group_entries.sh
diff --git a/tests/hardening/13.5_find_0_uid_non_root_account.sh b/tests/hardening/6.2.5_find_0_uid_non_root_account.sh
similarity index 100%
rename from tests/hardening/13.5_find_0_uid_non_root_account.sh
rename to tests/hardening/6.2.5_find_0_uid_non_root_account.sh
diff --git a/tests/hardening/13.7_check_user_dir_perm.sh b/tests/hardening/6.2.6_sanitize_root_path.sh
similarity index 100%
rename from tests/hardening/13.7_check_user_dir_perm.sh
rename to tests/hardening/6.2.6_sanitize_root_path.sh
diff --git a/tests/hardening/13.8_check_user_dot_file_perm.sh b/tests/hardening/6.2.8_check_user_dir_perm.sh
similarity index 100%
rename from tests/hardening/13.8_check_user_dot_file_perm.sh
rename to tests/hardening/6.2.8_check_user_dir_perm.sh
diff --git a/tests/hardening/13.9_set_perm_on_user_netrc.sh b/tests/hardening/6.2.9_users_valid_homedir.sh
similarity index 100%
rename from tests/hardening/13.9_set_perm_on_user_netrc.sh
rename to tests/hardening/6.2.9_users_valid_homedir.sh