Title

All GIDs referenced in the /etc/passwd file must be defined in the /etc/group file. (Cat III impact)

Discussion

If a user is assigned the GID of a group not existing on the system, and a group with that GID is subsequently created, the user may have unintended rights to the group.

Check Content

Determine if any GIDs referenced in /etc/passwd are not defined in /etc/group. Procedure: # cat /etc/passwd | cut -f 4,4 -d ":" | sort | uniq With the above GIDs, manually execute the following command for every GID from above. Note that this command is expected to return line entry information from /etc/group. # grep -n <GID> /etc/group If any GIDs referenced in /etc/passwd and not defined in /etc/group are returned, this is a finding.

Fix Text

Add a group to the system (edit /etc/group) for each GID referenced without a corresponding group.

Additional Identifiers

Rule ID: SV-38455r1_rule

Vulnerability ID: V-781

Group Title: GEN000380

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.