
The root account must be the only account having a UID of 0.


Overview

Finding ID: V-58421
Version: AOSX-09-001065
Rule ID: SV-72851r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The built-in root account is disabled by default, and administrator users are required to use sudo to run a process with the UID '0'. If another account with UID '0' exists, this is a sign of a network intrusion or of a malicious user who is attempting to circumvent security controls.
STIG: Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide
Date: 2017-01-05

Details

Check Text ( C-59247r1_chk )
To count the accounts with a UID of '0', run this command:

sudo dscl . -list /Users UniqueID | grep -w 0 | wc -l

If the result is not '1', this is a finding.
Fix Text (F-63735r1_fix)
Investigate as to why any additional accounts were set up with a UID of '0'.

Remove any invalid accounts.
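
The check command reports only a count, while the fix text asks for an investigation of the accounts themselves. The following added example (not part of the STIG text) prints the names of the accounts whose UniqueID field is exactly 0 and treats anything other than a single account named root as a finding. It compares the last field rather than using `grep -w 0`, which would also count a name such as `svc-0`. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the STIG text.
# On a real system, feed it the listing used by the check:
#   sudo dscl . -list /Users UniqueID | check_uid0

# Print the name of every account whose UniqueID field is exactly 0.
# Input: "name  UniqueID" lines as printed by dscl.
uid0_accounts() {
    awk '$NF == "0" { print $1 }'
}

# Return 0 only when root is the one and only UID 0 account;
# otherwise report the account names and return 1 (a finding).
check_uid0() {
    accounts=$(uid0_accounts | sort | tr '\n' ' ')
    accounts=${accounts% }
    if [ "$accounts" = "root" ]; then
        echo "PASS: root is the only UID 0 account"
        return 0
    fi
    echo "FINDING: UID 0 accounts: ${accounts:-<none>}"
    return 1
}

# Constructed sample listing: "toor" is a second UID 0 account, and
# "svc-0" is an ordinary account whose name contains the word "0".
sample_listing() {
    cat <<'EOF'
_www            70
daemon          1
nobody          -2
root            0
svc-0           501
toor            0
user10          510
EOF
}

# Show the UID 0 accounts found in the constructed sample.
sample_listing | uid0_accounts
```

Requiring the single account to be named root is an assumption taken from the rule title; the check text itself only requires a count of 1.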