OL6-00-000029 - Default operating system accounts, other than root, must be locked.

Information

Disabling authentication for default system accounts makes it more difficult for attackers to make use of them to compromise a system.

Solution

Some accounts are not associated with a human user of the system, and exist to perform some administrative function. An attacker should not be able to log into these accounts.

Disable logon access to these accounts with the command:

# passwd -l [SYSACCT]

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R7_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-208806r793591_rule, STIG-ID|OL6-00-000029, STIG-Legacy|SV-64937, STIG-Legacy|V-50731, Vuln-ID|V-208806

Plugin: Unix

Control ID: d0846e237de0043f65caa064a94e6e22380886f3333bf3f597b25d3e7441b2ce