6.2.7 Ensure no duplicate user names exist

Information

Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name.

Rationale:

If a user is assigned a duplicate user name, it will create and have access to files with the first UID for that username in /etc/passwd . For example, if 'test4' has a UID of 1000 and a subsequent 'test4' entry has a UID of 2000, logging in as 'test4' will use UID 1000. Effectively, the UID is shared, which is a security problem.

Solution

Based on the results of the audit script, establish unique user names for the users. File ownerships will automatically reflect the change as long as the users have unique UIDs.

MITRE ATT&CK Mappings:

Techniques / Sub-techniques

Tactics

Mitigations

T1078, T1078.001, T1078.003

TA0004

M1027

See Also

https://workbench.cisecurity.org/files/4068

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-4d.

Plugin: Unix

Control ID: 6b2cfd2ab0d1a979839ecb654b4467f12b196240fd463ff323e28a6292ee433f