Check: GEN000300
HP-UX 11.23 STIG:
GEN000300
(in version v1 r8)
Title
All accounts on the system must have unique user or account names. (Cat II impact)
Discussion
A unique user name is the first part of the identification and authentication process. If user names are not unique, there can be no accountability on the system for auditing purposes. Multiple accounts sharing the same name could result in the Denial of Service to one or both of the accounts or unauthorized access to files or privileges.
Check Content
Verify the consistency of the assigned home directories in the authentication database. For Trusted Mode: # authck -av For SMSE: # pwck If any duplicate account names are found, this is a finding.
Fix Text
Determine if the duplicate accounts have the same or different UIDs. # cat /etc/passwd | cut -f 1,1 -d “:” | sort | uniq -d If the UIDs are different, the account name must be changed. If the UIDs are the same, disable/remove one of the two (or more) password file entries via the SAM/SMH interface.
Additional Identifiers
Rule ID: SV-38442r2_rule
Vulnerability ID: V-761
Group Title: GEN000300
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000764 |
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). |
Controls
Number | Title |
---|---|
IA-2 |
Identification And Authentication (Organizational Users) |