Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-47983 | SOL-11.1-090030 | SV-60855r1_rule | Medium |
Description |
---|
Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2015-06-26 |
Check Text ( C-50419r1_chk ) |
---|
The Audit Review profile is required. Use the "auditreduce" command to check for multiple accesses to an account # auditreduce -c lo -u [shared_user_name] | praudit -l If users log directly into accounts, rather than using the "su" command from their own named account to access them, this is a finding. Also, ask the SA or the IAO if shared accounts are logged into directly or if users log into an individual account and switch user to the shared account. |
Fix Text (F-51595r1_fix) |
---|
The root role is required. Use the switch user ("su") command from a named account login to access shared accounts. Maintain audit trails that identify the actual user of the account name. Document requirements and procedures for users/administrators to log into their own accounts first and then switch user ("su") to the shared account. |