The system must not have special privilege accounts, such as shutdown and halt.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4268 | GEN000000-LNX00320 | SV-37181r1_rule | IAAC-1 | High |
| Description |
|---|
| If special privilege accounts are compromised, the accounts could provide privileges to execute malicious commands on a system. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2017-03-01 |
Details
| Check Text ( C-35884r1_chk ) |
|---|
| Perform the following to check for unnecessary privileged accounts: # grep "^shutdown" /etc/passwd # grep "^halt" /etc/passwd # grep "^reboot" /etc/passwd If any unnecessary privileged accounts exist this is a finding. |
| Fix Text (F-31139r1_fix) |
|---|
| Remove any special privilege accounts, such as shutdown and halt, from the /etc/passwd and /etc/shadow files using the "userdel" or "system-config-users" commands. |