All GIDs referenced in /etc/passwd must be defined in /etc/group

An XCCDF Rule

Description

Add a group to the system for each GID referenced without a corresponding group.

Rationale

If a user is assigned the Group Identifier (GID) of a group not existing on the system, and a group with the Group Identifier (GID) is subsequently created, the user may have unintended rights to any files associated with the group.

ID: xccdf_org.ssgproject.content_rule_gid_passwd_group_same
Severity: Low
References: 1 12 15 16 5

5.5.2

DSS05.04 DSS05.05 DSS05.07 DSS05.10 DSS06.03 DSS06.10

CCI-000764

4.3.3.2.2 4.3.3.5.1 4.3.3.5.2 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.2 4.3.3.7.4

SR 1.1 SR 1.10 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.7 SR 1.8 SR 1.9 SR 2.1

A.18.1.4 A.7.1.1 A.9.2.1 A.9.2.2 A.9.2.3 A.9.2.4 A.9.2.6 A.9.3.1 A.9.4.2 A.9.4.3

CIP-003-8 R5.1.1 CIP-003-8 R5.3 CIP-004-6 R2.2.3 CIP-004-6 R2.3 CIP-007-3 R5.1 CIP-007-3 R5.1.2 CIP-007-3 R5.2 CIP-007-3 R5.3.1 CIP-007-3 R5.3.2 CIP-007-3 R5.3.3

CM-6(a) IA-2

PR.AC-1 PR.AC-6 PR.AC-7

Req-8.5.a

8.2 8.2.2

SRG-OS-000104-GPOS-00051
Updated: over 1 year ago