The IAO/NSO will ensure the AAA authentication method implements user authentication.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15433	NET0434	SV-16260r1_rule		Medium

Description
Group accounts are not permitted.

STIG	Date
Network Devices Security Technical Implementation Guide	2018-11-27

Details

Check Text ( C-14440r1_chk )
Review the AAA server configuration. Attempt to identify suspicious group profile definitions that do not meet the accounts user-id naming convention. Example:supr-user. Below is an example of what an SA profile may be associated. Group Profile Information group = rtr_super{ profile_id = 40 profile_cycle = 1 service=shell { default cmd=permit cmd=debug { deny all permit .* } } } Below is an example of the user definition that should be assigned with a valid ID, (not rtr-geek). Look for group accounts here: user = rtr-geek{ profile_id = 45 profile_cycle = 1 member = rtr_super password = des "********" }

Check Text ( C-14440r1_chk )

Review the AAA server configuration. Attempt to identify suspicious group profile definitions that do not meet the accounts user-id naming convention. Example:supr-user. Below is an example of what an SA profile may be associated.

Group Profile Information
group = rtr_super{
profile_id = 40
profile_cycle = 1
service=shell {
default cmd=permit
cmd=debug {
deny all
permit .*
}
}
}

Below is an example of the user definition that should be assigned with a valid ID, (not rtr-geek). Look for group accounts here:

user = rtr-geek{
profile_id = 45
profile_cycle = 1
member = rtr_super
password = des "********"
}

Fix Text (F-15097r1_fix)
Remove all group profiles from the AAA server.