Direct logins must not be permitted to shared, default, application, or utility accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-760 | GEN000280 | SV-63187r1_rule | ECSC-1 IAIA-1 | Medium |
| Description |
|---|
| Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability. |
| STIG | Date |
|---|---|
| Oracle Linux 5 Security Technical Implementation Guide | 2015-03-26 |
Details
| Check Text ( C-51911r1_chk ) |
|---|
| Use the last command to check for multiple accesses to an account from different workstations/IP addresses. # last -R If users log directly onto accounts, rather than using the switch user (su) or the "sudo" command from their own named account to access them, this is a finding (such as logging directly on to oracle). Verify with the SA or the IAO on documentation for users/administrators to log into their own accounts first and then switch user (su and/or sudo) to the account to be shared has been maintained including requirements and procedures. If no such documentation exists, this is a finding. |
| Fix Text (F-53761r1_fix) |
|---|
| Use the switch user (su) command from a named account login to access shared accounts. Document requirements and procedures for users/administrators to log into their own accounts first and then switch user (su) to the account to be shared. |