RHEL-06-000032 - The root account must be the only account having a UID of 0.

Information

An account has root authority if it has a UID of 0. Multiple accounts with a UID of 0 afford more opportunity for potential intruders to guess a password for a privileged account. Proper configuration of sudo is recommended to afford multiple system administrators access to root privileges in an accountable manner.

Solution

If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or have their UID changed.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-217870r603264_rule, STIG-ID|RHEL-06-000032, STIG-Legacy|SV-50301, STIG-Legacy|V-38500, Vuln-ID|V-217870

Plugin: Unix

Control ID: e135d488307d82e98f8a32c45f593f59bad20323911e4b7c2d884db20d90f6e6