content icon indicating copy to clipboard operation
content copied to clipboard

Published 20 hours ago verified publisher icon ComplianceAsCode

RHEL 7 v2r2 Alignment: Add Rule to SSG (STIG ID RHEL-07-020270)

Open tedbrunell opened this issue 6 years ago • 3 comments

Description of problem: The following rule is present in RHEL 7 STIG v2r2 but is missing from the SSG:

Group ID (Vulid): V-72001 Group Title: SRG-OS-000480-GPOS-00227 Rule ID: SV-86625r2_rule Severity: CAT II Rule Version (STIG-ID): RHEL-07-020270 Rule Title: The Red Hat Enterprise Linux operating system must not have unnecessary accounts.

Vulnerability Discussion: Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the system.

Check Content: Verify all accounts on the system are assigned to an active system, application, or user account.
Obtain the list of authorized system accounts from the Information System Security Officer (ISSO). Check the system accounts on the system with the following command:

# more /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

Accounts such as "games" and "gopher" are not authorized accounts as they do not support authorized system functions.

If the accounts on the system do not match the provided documentation, or accounts that do not support an authorized system function are present, this is a finding.

Fix Text: Configure the system so all accounts on the system are assigned to an active system, application, or user account. Remove accounts that do not support approved system activities or that allow for a normal user to perform administrative-level actions.

Document all authorized accounts on the system.

CCI: CCI-000366

SCAP Security Guide Version:

1.43

Operating System Version:

RHEL 7

Expected Results:

This rule should be added to the SSG. Unnecessary accounts are a potential vector for attack.

tedbrunell avatar Jan 28 '19 14:01 tedbrunell

I envision creating a rule that contains only the text part and rationale since we cannot detect which account usernames are intentional or not, it's up to the System Administrator to know which accounts are not allowed and remove them manually.

ggbecker avatar Oct 01 '20 16:10 ggbecker

Accounts such as "games" and "gopher" are not authorized accounts as they do not support authorized system functions.

So, we can do all of the items.

Even better, we can create a variable of accounts that people can then tailor.

redhatrises avatar Oct 01 '20 16:10 redhatrises

Accounts such as "games" and "gopher" are not authorized accounts as they do not support authorized system functions.

So, we can do all of the items.

Even better, we can create a variable of accounts that people can then tailor.

That's a good idea. I'll be looking into this with more detail.

ggbecker avatar Oct 01 '20 16:10 ggbecker

Is this addressed? RHEL-07-020270 is tagged in the rule.

lenox-joseph avatar Aug 25 '22 16:08 lenox-joseph

this got fixed by: https://github.com/ComplianceAsCode/content/pull/7484

ggbecker avatar Aug 25 '22 16:08 ggbecker