Default system accounts must be disabled or removed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-810	GEN002640	SV-27264r1_rule	IAAC-1	Medium

Description
Vendor accounts and software may contain backdoors that will allow unauthorized access to the system. These backdoors are common knowledge and present a threat to system security if the account is not disabled.

STIG	Date
HP-UX 11.31 Security Technical Implementation Guide	2012-05-25

Details

Check Text ( C-36408r1_chk )
Determine if default system accounts (such as those for sys, bin, uucp, nuucp, daemon, smtp) have been disabled. # cat /etc/shadow OR, as HP-UX is required to be in Trusted Mode, an "example" of checking the sys account would be: # cat /tcb/files/auth/s/sys \| grep "u_pwd=" If an account's password field is "", "LK*", or is prefixed with a '!', the account is locked or disabled. If there are any default system accounts that are not locked, this is a finding.

Check Text ( C-36408r1_chk )

Determine if default system accounts (such as those for sys, bin, uucp, nuucp, daemon, smtp) have been disabled.
# cat /etc/shadow

OR, as HP-UX is required to be in Trusted Mode, an "example" of checking the sys account would be:
# cat /tcb/files/auth/s/sys | grep "u_pwd="

If an account's password field is "*", "*LK*", or is prefixed with a '!', the account is locked or disabled. If there are any default system accounts that are not locked, this is a finding.

Fix Text (F-31746r1_fix)
Lock the default system account(s). # passwd -l OR alternatively use the HP SMH application.