Check: GEN002640
Solaris 10 SPARC STIG:
GEN002640
(in versions v2 r4 through v1 r19)
Title
Default system accounts must be disabled or removed. (Cat II impact)
Discussion
Vendor accounts and software may contain backdoors allowing unauthorized access to the system. These backdoors are common knowledge and present a threat to system security if the account is not disabled.
Check Content
Determine if default system accounts (such as, those for sys, bin, uucp, nuucp, daemon, smtp, gdm, lp, nobody) have been disabled. # cat /etc/shadow If an account's password field is "*", "*LK*", "NP", or is prefixed with a "!", the account is locked or disabled. If any default system account is not locked and its use is not justified and documented with the ISSO, this is a finding.
Fix Text
Lock the default system account(s). # passwd -l <user>
Additional Identifiers
Rule ID: SV-226588r603265_rule
Vulnerability ID: V-226588
Group Title: SRG-OS-000095
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |