Direct logins must not be permitted to shared, default, application, or utility accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216223 | SOL-11.1-090030 | SV-216223r603268_rule | Medium |
| Description |
|---|
| Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability. |
| STIG | Date |
|---|---|
| Solaris 11 X86 Security Technical Implementation Guide | 2021-11-23 |
Details
| Check Text ( C-17461r373051_chk ) |
|---|
| The Audit Review profile is required. This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Use the "auditreduce" command to check for multiple accesses to an account # auditreduce -c lo -u [shared_user_name] | praudit -l If users log directly into accounts, rather than using the "su" command from their own named account to access them, this is a finding. Also, ask the SA or the IAO if shared accounts are logged into directly or if users log into an individual account and switch user to the shared account. |
| Fix Text (F-17459r373052_fix) |
|---|
| The root role is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Use the switch user ("su") command from a named account login to access shared accounts. Maintain audit trails that identify the actual user of the account name. Document requirements and procedures for users/administrators to log into their own accounts first and then switch user ("su") to the shared account. |