Check: SOL-11.1-070220
Solaris 11 x86 STIG:
SOL-11.1-070220
(in versions v2 r10 through v1 r10)
Title
The root account must be the only account with GID of 0. (Cat II impact)
Discussion
All accounts with a GID of 0 have root group privileges and must be limited to the group account only.
Check Content
Identify any users with GID of 0. # awk -F: '$4 == 0' /etc/passwd # awk -F: '$3 == 0' /etc/group Confirm the only account with a group id of 0 is root. If the root account is not the only account with GID of 0, this is a finding.
Fix Text
The root role is required. Change the default GID of non-root accounts to a valid GID other than 0.
Additional Identifiers
Rule ID: SV-216201r603268_rule
Vulnerability ID: V-216201
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |