CCI|CCI-000225

Title

The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Reference Item Details

Category: 2009

Audit Items

Name | Plugin | Audit Name
GEN000000-AIX00080 - The SYSTEM attribute must not be set to NONE for any account. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX00080 - The SYSTEM attribute must not be set to NONE for any account. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0085 - The /etc/netsvc.conf file must be root owned. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0085 - The /etc/netsvc.conf file must be root owned. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0085 - The /etc/netsvc.conf file must be root owned. | Unix | DISA STIG AIX 6.1 v1r13
GEN000000-AIX0090 - The /etc/netsvc.conf file must be group-owned by bin, sys, or system. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0090 - The /etc/netsvc.conf file must be group-owned by bin, sys, or system. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0090 - The /etc/netsvc.conf file must be group-owned by bin, sys, or system. | Unix | DISA STIG AIX 6.1 v1r13
GEN000000-AIX0100 - The /etc/netsvc.conf file must have mode 0644 or less permissive. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0100 - The /etc/netsvc.conf file must have mode 0644 or less permissive. | Unix | DISA STIG AIX 6.1 v1r13
GEN000000-AIX0100 - The /etc/netsvc.conf file must have mode 0644 or less permissive. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0110 - The /etc/netsvc.conf file must not have an extended ACL. | Unix | DISA STIG AIX 6.1 v1r13
GEN000000-AIX0110 - The /etc/netsvc.conf file must not have an extended ACL. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0110 - The /etc/netsvc.conf file must not have an extended ACL. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0320 - The /etc/ftpaccess.ctl file must be owned by root. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0320 - The /etc/ftpaccess.ctl file must be owned by root. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0330 - The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0330 - The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0340 - The /etc/ftpaccess.ctl file must have mode 0640 or less permissive. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0340 - The /etc/ftpaccess.ctl file must have mode 0640 or less permissive. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0350 - The /etc/ftpaccess.ctl file must not have an extended ACL. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0350 - The /etc/ftpaccess.ctl file must not have an extended ACL. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-HPUX0060 - The /etc/securetty file must be owned by root | Unix | DISA STIG HP-UX 11.31 v1r19
GEN000000-HPUX0080 - The HP-UX /etc/securetty must be group-owned by root, sys, or bin | Unix | DISA STIG HP-UX 11.31 v1r19
GEN000000-HPUX0100 - The /etc/securetty file must have mode 0640 or less permissive | Unix | DISA STIG HP-UX 11.31 v1r19
GEN000000-HPUX0110 - The HP-UX /etc/securetty file must not have an extended ACL | Unix | DISA STIG HP-UX 11.31 v1r19
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - halt' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - halt' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - shutdown' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - shutdown' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX001431 - The /etc/gshadow file must be owned by root. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX001431 - The /etc/gshadow file must be owned by root. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX001431 - The /etc/gshadow file must be owned by root. | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN000000-LNX001431 - The /etc/gshadow file must be owned by root. | Unix | DISA STIG for Oracle Linux 5 v1r14
GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root. | Unix | DISA STIG for Oracle Linux 5 v1r14
GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root. | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400. | Unix | DISA STIG for Oracle Linux 5 v1r14
GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400. | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL. | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL. | Unix | DISA STIG for Oracle Linux 5 v1r14
GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit