OL6-00-000032 - The root account must be the only account having a UID of 0.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

An account has root authority if it has a UID of 0. Multiple accounts with a UID of 0 afford more opportunity for potential intruders to guess a password for a privileged account. Proper configuration of sudo is recommended to afford multiple system administrators access to root privileges in an accountable manner.

Solution

If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or have their UID changed.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R6_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-208809r793594_rule, STIG-ID|OL6-00-000032, STIG-Legacy|SV-64953, STIG-Legacy|V-50747, Vuln-ID|V-208809

Plugin: Unix

Control ID: e6638c05b9bd2d9d9233ff7932a03771beb7e35a8a2c8a3edb4145fe123808d3