Check: GEN000850
HP-UX 11.23 STIG: GEN000850 (in version v1 r8)
Title
The system must restrict the ability to switch to the root user to members of a defined group. (Cat III impact)
Discussion
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
Check Content
Check /etc/default/security for the SU_ROOT_GROUP setting.

# grep SU_ROOT_GROUP /etc/default/security

Unless this setting is present, configured, and not commented out, this is a finding.
Fix Text
Edit /etc/default/security and uncomment, set, or add the SU_ROOT_GROUP setting with a value of wheel or equivalent. If necessary, create a wheel group and add administrative users to the group.
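
The check above can be scripted as follows. This is an added example, not part of the STIG text. The function names are hypothetical, the parser tolerates whitespace around `=` and treats the last active entry as the effective one (both assumptions), and it goes one step beyond the check content by also confirming that the named group is defined in /etc/group, as the fix text implies.

```shell
#!/bin/sh
# Added example (not STIG text): audit SU_ROOT_GROUP in /etc/default/security.
# Usage: audit_su_root_group /etc/default/security /etc/group

# Print the active SU_ROOT_GROUP value; return 1 if the setting is absent,
# commented out, or has an empty value.
su_root_group_value() {
    file=${1:-/etc/default/security}
    [ -r "$file" ] || return 1
    # Lines that start with '#' never match, so commented entries are ignored.
    # Assumption: if the setting appears more than once, the last entry wins.
    value=$(sed -n 's/^[[:space:]]*SU_ROOT_GROUP[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$file" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Report a finding (return 1) or compliance (return 0).
audit_su_root_group() {
    sec=${1:-/etc/default/security}
    grp=${2:-/etc/group}
    if ! name=$(su_root_group_value "$sec"); then
        echo "FINDING: SU_ROOT_GROUP is absent, commented out, or empty in $sec"
        return 1
    fi
    # Exact match on the group name field, so 'wheel' does not match 'wheelers'.
    if ! awk -F: -v g="$name" '$1 == g { found = 1 } END { exit !found }' "$grp" 2>/dev/null; then
        echo "FINDING: SU_ROOT_GROUP=$name but that group is not defined in $grp"
        return 1
    fi
    echo "OK: switching to root is restricted to members of group $name"
}
```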
Additional Identifiers
Rule ID: SV-26349r1_rule
Vulnerability ID: V-22308
Group Title: GEN000850
CCIs
Number | Definition |
---|---|
CCI-000009 | The organization manages information system accounts by identifying authorized users of the information system and specifying access privileges. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |