Check: GEN000380
SUSE Linux Enterprise Server v11 for System z STIG:
GEN000380
(in versions v1 r12 through v1 r9)
Title
All GIDs referenced in the /etc/passwd file must be defined in the /etc/group file. (Cat III impact)
Discussion
If a user is assigned the GID of a group not existing on the system, and a group with the GID is subsequently created, the user may have unintended rights to the group.
Check Content
Perform the following to ensure there are no GIDs referenced in /etc/passwd not defined in /etc/group: # pwck -r If GIDs referenced in /etc/passwd are not defined in /etc/group are returned, this is a finding.
Fix Text
Add a group to the system for each GID referenced without a corresponding group.
Additional Identifiers
Rule ID: SV-44827r1_rule
Vulnerability ID: V-781
Group Title: GEN000380
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |