Check: GEN000520
HP-UX 11.31 STIG: GEN000520 (in versions v1 r19 through v1 r13)
Title
The root user must not own the logon session for an application requiring a continuous display. (Cat II impact)
Discussion
If an application is providing a continuous display and is running with root privileges, unauthorized users could interrupt the process and gain root access to the system.
Check Content
NOTE: This will virtually always require a manual review. If an application on the system is continuously in use (such as a network monitoring application), ask the SA for the name of the application. Execute `ps -ef | more` to determine which user owns the process(es) associated with that application. If the owner is root, this is a finding.
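A script form of the check above, added here as an example and not part of the STIG or any DISA tooling: it filters `ps -ef` output for processes associated with a named application and reports any owned by root. The `ps -ef` listing, the application name `netmon`, and the paths are constructed for illustration.

```sh
#!/bin/sh
# GEN000520 helper: flag root-owned processes belonging to a named application.
# Constructed sample of HP-UX `ps -ef` output (columns: UID PID PPID C STIME TTY TIME COMMAND).
# The display process runs as a service account, but its collector child runs as root.
SAMPLE_PS='     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root     1     0  0   Jan 10   ?       0:21 init
    root  1122     1  0   Jan 10   ?       0:00 /usr/sbin/inetd
  netmon  2048     1  0    09:14   ?       3:12 /opt/netmon/bin/netmon_display -geometry 1280x1024
    root  2051  2048  0    09:14   ?       0:02 /opt/netmon/bin/netmon_collector
  oracle  3010     1  0    09:20   ?       1:01 /opt/oracle/bin/tnslsnr'

# gen000520_check APPNAME [PS_OUTPUT]
#   APPNAME   substring identifying the application's command lines (ask the SA)
#   PS_OUTPUT optional captured `ps -ef` text; defaults to running ps -ef on this host
# Prints "UID PID COMMAND" for each root-owned match.
# Exit status 1 means at least one root-owned process was found (a finding), 0 otherwise.
gen000520_check() {
    app=$1
    ps_out=${2:-$(ps -ef)}
    printf '%s\n' "$ps_out" | awk -v app="$app" '
        # Locate the COMMAND column from the header so STIME values containing
        # a space ("Jan 10") do not shift the field numbering.
        NR == 1 { cmdcol = index($0, "COMMAND"); next }
        { cmd = substr($0, cmdcol) }
        index(cmd, app) == 0 { next }          # not part of this application
        $1 == "root" { print $1, $2, cmd; found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Example run against the constructed sample; non-zero status is the finding.
if ! gen000520_check netmon "$SAMPLE_PS"; then
    echo "GEN000520: finding - root owns process(es) for netmon"
fi
```

Match on the application's installation path (e.g. `/opt/netmon/`) rather than a bare word when the name could also appear in unrelated command lines.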
Fix Text
Configure the system so the owner of a session requiring a continuous screen display, such as a network management display, is not root. Ensure the display is also located in a secure, controlled access area. Document and justify this requirement and ensure the terminal and keyboard for the display (or workstation) are secure from all but authorized personnel by maintaining them in a secure area, in a locked cabinet where a swipe card, or other positive forms of identification, must be used to gain entry.
Additional Identifiers
Rule ID: SV-38447r1_rule
Vulnerability ID: V-769
Group Title: GEN000520
Expert Comments
CCIs
Number | Definition
---|---
CCI-000225 | The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
Controls
Number | Title
---|---
AC-6 | Least Privilege