Check: AIX7-00-001036
IBM AIX 7.x STIG:
AIX7-00-001036
(in versions v3 r1 through v1 r1)
Title
UIDs reserved for system accounts must not be assigned to non-system accounts on AIX systems. (Cat II impact)
Discussion
Reserved UIDs are typically used by system software packages. If non-system accounts have UIDs in this range, they may conflict with system software, possibly leading to the user having permissions to modify system files.
Check Content
Check the UID assignments of all accounts using: # more /etc/passwd root:!:0:0::/root:/usr/bin/ksh daemon:!:1:1::/etc: bin:!:2:2::/bin: sys:!:3:3::/usr/sys: adm:!:4:4::/var/adm: nobody:!:4294967294:4294967294::/: invscout:*:6:12::/var/adm/invscout:/usr/bin/ksh srvproxy:*:203:0:Service Proxy Daemon:/home/srvproxy:/usr/bin/ksh esaadmin:*:7:0::/var/esa:/usr/bin/ksh sshd:*:212:203::/var/empty:/usr/bin/ksh doej:*:704:1776::/home/doej:/usr/bin/ksh Confirm all accounts with a UID of 128 and below are used by a system account. If a UID reserved for system accounts (0-128) is used by a non-system account, this is a finding.
Fix Text
Using the "usermod" command, change the UID numbers for non-system accounts with reserved UIDs (those less or equal to 128): # usermod -u <uid> [user_name]
Additional Identifiers
Rule ID: SV-215195r991589_rule
Vulnerability ID: V-215195
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |