Check: AZLX-23-002480
Amazon Linux 2023 STIG:
AZLX-23-002480
(in version v1 r1)
Title
Amazon Linux 2023 must insure all interactive users have a primary group that exists. (Cat II impact)
Discussion
If a user is assigned the group identifier (GID) of a group that does not exist on the system, and a group with the GID is subsequently created, the user may have unintended rights to any files associated with the group. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPOS-00020
Check Content
Verify Amazon Linux 2023 interactive users have a valid GID with the following command: $ sudo pwck -qr If the system has any interactive users with duplicate GIDs, this is a finding.
Fix Text
Configure Amazon Linux 2023 so that all GIDs are referenced in "/etc/passwd" are defined in "/etc/group". Edit the file "/etc/passwd" and ensure that every user's GID is a valid GID.
Additional Identifiers
Rule ID: SV-274159r1120465_rule
Vulnerability ID: V-274159
Group Title: SRG-OS-000104-GPOS-00051
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000135 |
Generate audit records containing the organization-defined additional information that is to be included in the audit records. |
| CCI-000764 |
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. |
| CCI-000804 |
Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users. |