Check: GEN000340
VMware ESX 3 Server:
GEN000340
(in version v1 r2)
Title
UIDs reserved for system accounts must not be assigned to non-system accounts. (Cat II impact)
Discussion
Reserved UIDs are typically used by system software packages. If non-system accounts have UIDs in this range, they may conflict with system software, possibly leading to the user having permissions to modify system files.
Check Content
Check the UID assignments of all accounts. # more /etc/passwd Confirm all accounts with a UID of 99 and below are used by a system account. If a UID reserved for system accounts (0 - 99) is used by a non-system account, this is a finding.
Fix Text
Change the UID numbers for non-system accounts with reserved UIDs (those less or equal to 99).
Additional Identifiers
Rule ID: SV-12447r2_rule
Vulnerability ID: V-11946
Group Title: GEN000340
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |