9.3 Verify System Account Default Passwords - locked

Information

There are a number of accounts provided with the Solaris OS that are used to manage applications and are not intended to provide an interactive shell. These accounts are delivered either in a locked or non-login state. Oracle does not support nor recommend changing the passwords associated with these accounts.

System accounts, such as bin, lpd, and sys have special purposes and privileges. By default, these accounts are configured as either locked or non-login. This status should be verified to ensure that these accounts have not accidentially or intentionally been enabled.

Solution

To lock a single account, use the command:
# passwd -d [username]
# passwd -l [username]

To configure a single account to be non-login, use the command:
# passwd -d [username]
# passwd -N [username]

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2f.

Plugin: Unix

Control ID: a8d57bf63f6fa4d7c7fc61191a2dfa2b827b046b23987a2e571976d3c4917629