Information
The operating system must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Rationale:
Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
Privileged functions include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-privileged users are individuals who do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from non-privileged users.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the operating system to prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Utilizing the list of users gathered in the Audit section run the applicable command for that user below.
Use the following command to map a new user to the sysdam_u role:
#semanage login -a -s sysadm_u <username>
Use the following command to map an existing user to the sysdam_u role:
#semanage login -m -s sysadm_u <username>
Use the following command to map a new user to the staff_u role:
#semanage login -a -s staff_u <username>
Use the following command to map an existing user to the staff_u role:
#semanage login -m -s staff_u <username>
Use the following command to map a new user to the user_u role:
# semanage login -a -s user_u <username>
Use the following command to map an existing user to the user_u role:
# semanage login -m -s user_u <username>
Notes:
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-71971
Rule ID: SV-86595r2_rule
STIG ID: RHEL-07-020020
Severity: CAT II