5.4.9 Ensure there are no unnecessary accounts

Information

The operating system must not have unnecessary accounts.

Rationale:

Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the system so all accounts on the system are assigned to an active system, application, or user account.
Remove accounts that do not support approved system activities or that allow for a normal user to perform administrative-level actions.
To remove the user, the user's home directory and the users mail spool

# userdel -r user's username

Document all authorized accounts on the system.

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72001

Rule ID: SV-86625r2_rule

STIG ID: RHEL-07-020270

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2f.

Plugin: Unix

Control ID: a415544e7c8961d54437a57200a756557bbd9119c3416a0e3249334ea5568dab