All accounts must be assigned unique User Identification Numbers (UIDs).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| GEN000320-ESXI5-000036 | GEN000320-ESXI5-000036 | GEN000320-ESXI5-000036_rule | Medium |
| Description |
|---|
| Accounts sharing a UID have full access to each others' files. This has the same effect as sharing a login. There is no way to assure identification, authentication, and accountability because the system sees them as the same user. If the duplicate UID is 0, this gives potential intruders another privileged account to attack. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-GEN000320-ESXI5-000036_chk ) |
|---|
| Disable lock down mode. Enable the ESXi Shell. Execute the following command(s): # cat /etc/passwd | cut -f 3 -d ":" | sort If any duplicate UIDs are found, this is a finding. Re-enable lock down mode. |
| Fix Text (F-GEN000320-ESXI5-000036_fix) |
|---|
| Modify user accounts to provide unique UIDs for each account. From the vSphere Client/vCenter: Click on the "Users and Groups" tab. Click on the "Users" button Right click and select "Add". Specify the desired User Name, Password, etc and Click "OK". |