RHEL 9 must not have unauthorized accounts.
An XCCDF Rule
Description
<VulnDiscussion>Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258058r926161_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Remove unauthorized local interactive user accounts with the following command where <unauthorized_user> is the unauthorized account:
$ sudo userdel <unauthorized_user>