Title

Groups assigned to users must exist in the /etc/group file. (Cat II impact)

Discussion

Groups defined in passwd but not in group file pose a threat to system security since group permissions are not properly managed.

Check Content

The root role is required. Check that groups are configured correctly. # logins -xo | awk -F: '($3 == "") { print $1 }' If output is produced, this is a finding.

Fix Text

The root role is required. Correct or justify any items discovered in the Audit step. Determine if any groups are in passwd but not in group, and work with those users or group owners to determine the best course of action in accordance with site policy.

Additional Identifiers

Rule ID: SV-216422r603267_rule

Vulnerability ID: V-216422

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.