Check: GEN000320
SUSE Linux Enterprise Server v11 for System z STIG:
GEN000320
(in versions v1 r12 through v1 r9)
Title
All accounts must be assigned unique User Identification Numbers (UIDs). (Cat II impact)
Discussion
Accounts sharing a UID have full access to each others' files. This has the same effect as sharing a login. There is no way to assure identification, authentication, and accountability because the system sees them as the same user. If the duplicate UID is 0, this gives potential intruders another privileged account to attack.
Check Content
Perform the following to ensure there are no duplicate UIDs: # pwck -r If any duplicate UIDs are found, this is a finding.
Fix Text
Edit user accounts to provide unique UIDs for each account.
Additional Identifiers
Rule ID: SV-44821r1_rule
Vulnerability ID: V-762
Group Title: GEN000320
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000764 |
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). |
Controls
Number | Title |
---|---|
IA-2 |
Identification And Authentication (Organizational Users) |