STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

RHEL 8 duplicate User IDs (UIDs) must not exist for interactive users.

DISA Rule

SV-230371r627750_rule

Vulnerability Number

V-230371

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RHEL-08-020240

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Edit the file "/etc/passwd" and provide each interactive user account that has a duplicate User ID (UID) with a unique UID.

Check Contents

Verify that RHEL 8 contains no duplicate User IDs (UIDs) for interactive users.

Check that the operating system contains no duplicate UIDs for interactive users with the following command:

$ sudo awk -F ":" 'list[$3]++{print $1, $3}' /etc/passwd

If output is produced, and the accounts listed are interactive user accounts, this is a finding.

Vulnerability Number

V-230371

Documentable

False

Rule Version

RHEL-08-020240

Severity Override Guidance

Verify that RHEL 8 contains no duplicate User IDs (UIDs) for interactive users.

Check that the operating system contains no duplicate UIDs for interactive users with the following command:

$ sudo awk -F ":" 'list[$3]++{print $1, $3}' /etc/passwd

If output is produced, and the accounts listed are interactive user accounts, this is a finding.

Check Content Reference

M

Target Key

2921

Comments