Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15433 | NET0434 | SV-16260r1_rule | ECSC-1 | Medium |
Description |
---|
Group accounts are not permitted. |
STIG | Date |
---|---|
Network Devices Security Technical Implementation Guide | 2015-09-22 |
Check Text ( C-14440r1_chk ) |
---|
Review the AAA server configuration. Attempt to identify suspicious group profile definitions that do not meet the accounts user-id naming convention. Example:supr-user. Below is an example of what an SA profile may be associated. Group Profile Information group = rtr_super{ profile_id = 40 profile_cycle = 1 service=shell { default cmd=permit cmd=debug { deny all permit .* } } } Below is an example of the user definition that should be assigned with a valid ID, (not rtr-geek). Look for group accounts here: user = rtr-geek{ profile_id = 45 profile_cycle = 1 member = rtr_super password = des "********" } |
Fix Text (F-15097r1_fix) |
---|
Remove all group profiles from the AAA server. |