Check: GEN000360
Solaris 10 X86 STIG:
GEN000360
(in versions v2 r4 through v1 r17)
Title
GIDs reserved for system accounts must not be assigned to non-system groups. (Cat II impact)
Discussion
Reserved GIDs are typically used by system software packages. If non-system groups have GIDs in this range, they may conflict with system software, possibly leading to the group having permissions to modify system files.
Check Content
# more /etc/passwd Confirm all accounts with a GID of 99 and below are used by a system account. If a GID reserved for system accounts (0 - 99) is used by a non-system account, this is a finding.
Fix Text
Change the primary group GID numbers for non-system accounts with reserved primary group GIDs (those less or equal to 99). # usermod -g <new_group> <user>
Additional Identifiers
Rule ID: SV-227572r603266_rule
Vulnerability ID: V-227572
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |