Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-50731 | OL6-00-000029 | SV-64937r1_rule | Medium |
Description |
---|
Disabling authentication for default system accounts makes it more difficult for attackers to make use of them to compromise a system. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2014-06-12 |
Check Text ( C-53211r1_chk ) |
---|
To obtain a listing of all users and the contents of their shadow password field, run the command: $ awk -F: '{print $1 ":" $2}' /etc/shadow Identify the system accounts from this listing. These will primarily be the accounts with UID numbers less than 500, other than root. If any system account (other than root) has a valid password hash, this is a finding. |
Fix Text (F-55527r1_fix) |
---|
Some accounts are not associated with a human user of the system, and exist to perform some administrative function. An attacker should not be able to log into these accounts. Disable login access to these accounts with the command: # passwd -l [SYSACCT] |