Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4268 | GEN000000-LNX00320 | SV-37181r1_rule | IAAC-1 | High |
Description |
---|
If special privilege accounts are compromised, the accounts could provide privileges to execute malicious commands on a system. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2016-06-01 |
Check Text ( C-35884r1_chk ) |
---|
Perform the following to check for unnecessary privileged accounts: # grep "^shutdown" /etc/passwd # grep "^halt" /etc/passwd # grep "^reboot" /etc/passwd If any unnecessary privileged accounts exist this is a finding. |
Fix Text (F-31139r1_fix) |
---|
Remove any special privilege accounts, such as shutdown and halt, from the /etc/passwd and /etc/shadow files using the "userdel" or "system-config-users" commands. |