Check: GEN000000-SOL00440
Solaris 9 X86 STIG:
GEN000000-SOL00440
(in version v1 r9)
Title
The root account must be the only account with GID of 0. (Cat I impact)
Discussion
Accounts with a GID of 0 have root group privileges.
Check Content
Check passwd and group files for non-root user ids and group ids with a GID of 0. # more /etc/passwd # more /etc/group OR # awk -F: '$4 == 0' /etc/passwd # awk -F: '$3 == 0' /etc/group Confirm the only account with a group id of 0 is root. If the root account is not the only account with GID of 0, this is a finding.
Fix Text
Change the default GID of non-root accounts to a valid GID other than 0.
Additional Identifiers
Rule ID: SV-12534r2_rule
Vulnerability ID: V-12033
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
CCI-000764 |
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). |