Navigate

Check: GEN000320

VMware ESX 3 Server: GEN000320 (in version v1 r2)

Title

All accounts must be assigned unique User Identification Numbers (UIDs). (Cat II impact)

Discussion

Accounts sharing a UID have full access to each others' files. This has the same effect as sharing a login. There is no way to assure identification, authentication, and accountability because the system sees them as the same user. If the duplicate UID is 0, this gives potential intruders another privileged account to attack.

Check Content

List any duplicate UIDs in /etc/passwd: # cut -d':' -f3 /etc/passwd | uniq -d This will show one copy of each duplicate UID.

Fix Text

Edit user accounts to provide unique UIDs for each account.

Additional Identifiers

Rule ID: SV-762r2_rule

Vulnerability ID: V-762

Group Title: GEN000320

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000764	The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-2	Identification And Authentication (Organizational Users)