6.2.5 Ensure no duplicate GIDs exist

Information

Although the groupadd program will not let you create a duplicate Group ID (GID), it is possible for an administrator to manually edit the /etc/group file and change the GID field.

Rationale:

User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.

Solution

Based on the results of the audit script, establish unique GIDs and review all files owned by the shared GID to determine which group they are supposed to belong to.
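The audit script the Solution refers to is not reproduced on this page. The following is an added example, not the CIS benchmark's own script: it reports every GID that appears on more than one line of a group file together with the groups sharing it, and lists files owned by a given GID for the review step. The function names and the sample group entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not the CIS audit script). Function names are hypothetical.

# Print "GID name1,name2,..." for every GID used by more than one group.
# Usage: find_duplicate_gids [FILE]   FILE defaults to /etc/group, "-" = stdin.
find_duplicate_gids() {
    awk -F: '
        /^#/ || NF < 3      { next }   # skip comments and blank/short lines
        $3 !~ /^[0-9]+$/    { next }   # malformed GID field: leave to grpck
        {
            gid = $3 + 0               # 007 and 7 are the same GID
            count[gid]++
            names[gid] = (names[gid] == "" ? $1 : names[gid] "," $1)
        }
        END {
            for (gid in count)
                if (count[gid] > 1)
                    printf "%s %s\n", gid, names[gid]
        }
    ' "${1:-/etc/group}" | sort -n
}

# List files under ROOT (default /) whose group owner is GID, without
# crossing filesystem boundaries. POSIX find treats a numeric -group
# operand as a GID when no group has that literal name.
# Usage: files_owned_by_gid GID [ROOT]
files_owned_by_gid() {
    find "${2:-/}" -xdev -group "$1" -print 2>/dev/null
}

# Constructed sample /etc/group content: GIDs 10 and 1001 are each shared.
sample_group_file() {
    cat <<'EOF'
root:x:0:
wheel:x:10:alice
staff:x:1001:alice,bob
devops:x:1001:carol
audit:x:10:
backup:x:34:
EOF
}

# Demo on the constructed sample (prints the two duplicated GIDs).
sample_group_file | find_duplicate_gids -
```

On a real host, run find_duplicate_gids with no argument; empty output means the check passes. For each reported GID, files_owned_by_gid shows what must be re-assigned once the groups are given unique GIDs.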

Additional Information:

You can also use the grpck command to check for other inconsistencies in the /etc/group file.

MITRE ATT&CK Mappings:

Techniques / Sub-techniques: T1078, T1078.001, T1078.003

Tactics: TA0005

Mitigations: M1027

See Also

https://workbench.cisecurity.org/files/4230

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-4d.

Plugin: Unix

Control ID: 718c2284cd512ff39344042492c5b5fc8ee8647d862ce326eb3ab151486c96e1