STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system root account must be the only account having unrestricted access to the system.

DISA Rule

SV-217164r603262_rule

Vulnerability Number

V-217164

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010650

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Change the UID of any account on the SUSE operating system, other than the root account, that has a UID of "0".

If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.

Check Contents

Verify that the SUSE operating system root account is the only account with unrestricted access to the system.

Check the system for duplicate UID "0" assignments with the following command:

# awk -F: '$3 == 0 {print $1}' /etc/passwd

root

If any accounts other than root have a UID of "0", this is a finding.

Vulnerability Number

V-217164

Documentable

False

Rule Version

SLES-12-010650

Severity Override Guidance

Verify that the SUSE operating system root account is the only account with unrestricted access to the system.

Check the system for duplicate UID "0" assignments with the following command:

# awk -F: '$3 == 0 {print $1}' /etc/passwd

root

If any accounts other than root have a UID of "0", this is a finding.

Check Content Reference

M

Target Key

4033

Comments