3.1.3.3 daemon

Information

This change locks and disables login access for the daemon user account.

Rationale:

This change disables direct local and remote login to the daemon user account. Do not set a password on this account to ensure that the only access is via su from the root account.

There should not be a requirement to log in as the daemon user directly. All users should be given unique logon ids to ensure traceability and accountability.

Solution

Change the login and remote login user flags to disable daemon user access:

chuser account_locked=true login=false rlogin=false daemon

Default Value:

account_locked=false login=true rlogin=true

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

References: 800-53|CM-7, 800-53|IA-5, 800-53|MA-4

Plugin: Unix

Control ID: ff116375a3b7f2479be6e8226d137cf2e6adf4063c7541c0e6b63cbc23aa29a1