The Account element verifies the consistency of groups with their GIDs and of users with their UIDs. These are specialty controls used for 2 STIG IDs.
UID:0
Some systems may allow for a user not named root to have UID 0 and this control can be adjusted accordingly.
Example ensuring the value of UID 0 belongs to the super user account typically named root:
<Group>
<GroupId>V-204462</GroupId>
<GroupTitle>SRG-OS-000480-GPOS-00227</GroupTitle>
<RuleId>SV-204462r603261_rule</RuleId>
<Severity>CAT I</Severity>
<RuleVersion>RHEL-07-020310</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that the root account must be the only account having unrestricted access to the system.</RuleTitle>
<Where>Account</Where>
<Applied>*</Applied>
<Type>UID:0</Type>
<Value>root</Value>
<Ignore>case</Ignore>
<IgnoreReason></IgnoreReason>
</Group>
Integrity:GID
Verify that all group names match their respective GIDs.
Example verifying the consistency of groups to GIDs:
<Group>
<GroupId>V-204461</GroupId>
<GroupTitle>SRG-OS-000104-GPOS-00051</GroupTitle>
<RuleId>SV-204461r603261_rule</RuleId>
<Severity>CAT III</Severity>
<RuleVersion>RHEL-07-020300</RuleVersion>
<RuleTitle>The Red Hat Enterprise Linux operating system must be configured so that all Group Identifiers (GIDs) referenced in the /etc/passwd file are defined in the /etc/group file.</RuleTitle>
<Where>Account</Where>
<Applied>*</Applied>
<Type>Integrity:gid</Type>
<Value>Passed</Value>
<Ignore>case</Ignore>
<IgnoreReason></IgnoreReason>
</Group>
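What the UID:0 and Integrity:GID controls above look for on the host, as an added shell example that is not part of the original page or the tool's own code. The function names and the sample passwd/group content are constructed for illustration, and the case-insensitive name comparison is an assumption about how `<Ignore>case</Ignore>` is applied.

```shell
#!/bin/sh
# Added example, not the tool's code; function names are hypothetical.

# List every account whose UID (field 3 of a passwd-format file) is 0.
uid0_accounts() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 == 0 { print $1 }' "$1"
}

# Succeed only if exactly one UID 0 account exists and its name equals the
# expected <Value> ($2). The comparison ignores case (assumed meaning of
# <Ignore>case</Ignore>); pass another name where UID 0 is not called root.
check_uid0() {
    found=$(uid0_accounts "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$found" = "$want" ]
}

# List "user:gid" for each passwd entry whose primary GID (field 4) is not
# defined as field 3 of any line in the group file. The pass=N assignments
# keep the two files apart even when the group file is empty.
undefined_gids() {
    awk -F: 'pass == 1 { defined[$3] = 1; next }
             $4 ~ /^[0-9]+$/ && !($4 in defined) { print $1 ":" $4 }' \
        pass=1 "$2" pass=2 "$1"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
svc_backup:x:1002:2500::/home/svc_backup:/sbin/nologin
EOF
cat > "$demo_dir/group" <<'EOF'
root:x:0:
bin:x:1:
alice:x:1001:
EOF

echo "UID 0 accounts:"; uid0_accounts "$demo_dir/passwd"
check_uid0 "$demo_dir/passwd" root && echo "UID:0 Passed" || echo "UID:0 Failed"
echo "Undefined GIDs:"; undefined_gids "$demo_dir/passwd" "$demo_dir/group"
```

On a live system the same functions take `/etc/passwd` and `/etc/group` as arguments; any output from `undefined_gids` is a finding for the Integrity:GID control.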