Detections
Analytics
RHEL-10-600450 - RHEL 10 must not have unauthorized accounts.
Information
Having lockouts persist across reboots ensures that account is unlocked only by an administrator. If the lockouts did not persist across reboots, an attacker could reboot the system to continue brute force attacks against the accounts on the system.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure RHEL 10 to have no unauthorized local interactive user accounts with the following command, where <unauthorized_user> is the unauthorized account:$ sudo userdel <unauthorized_user>
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-281199r1166549_rule, STIG-ID|RHEL-10-600450, Vuln-ID|V-281199
Plugin: Unix
Control ID: a8dcc4267857cf306c8e319517e64b92275f340400fe78adf651ea3bc353235d