Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40445 | GEN000000-HPUX0220 | SV-52432r1_rule | IAIA-1 | Medium |
Description |
---|
Best practices standard operating procedures for computing systems includes account management. If the root account is allowed to be configured without a password, or not configured to lock if there have been no logins to the root account for an organization defined time interval, the entire system can be compromised. |
STIG | Date |
---|---|
HP-UX SMSE Security Technical Implementation Guide | 2014-02-28 |
Check Text ( C-47005r1_chk ) |
---|
If the system is configured for Trusted Mode, this check is not applicable. For Standard Mode with Security Extensions (SMSE): Check the /etc/default/security file for the following attribute(s) and attribute values: LOGIN_POLICY_STRICT=1 # grep “LOGIN_POLICY_STRICT” /etc/default/security If LOGIN_POLICY_STRICT=0, then the root user is not subject to the same login restrictions as non-root users, and this is a finding. |
Fix Text (F-45394r1_fix) |
---|
If the system is operating in Trusted Mode, no fix is required. For SMSE: Edit the /etc/default/security file and add/modify the following attribute(s) and attribute values: PASSWORD_POLICY_STRICT=1 Save the file before exiting the editor. |