Verify Only Root Has UID 0
An XCCDF Rule
Description
If any account other than root has a UID of 0, this misconfiguration should
be investigated and the accounts other than root should be removed or have
their UID changed.
If the account is associated with system commands or applications, the UID
should be changed to one greater than "0" but less than "1000".
Otherwise, assign a UID greater than "1000" that has not already been
assigned.
Rationale
An account has root authority if it has a UID of 0. Multiple accounts with a UID of 0 afford more opportunity for potential intruders to guess a password for a privileged account. Proper configuration of sudo is recommended to afford multiple system administrators access to root privileges in an accountable manner.
- ID: xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero
- Severity: High
Remediation - Ansible
- name: Get all /etc/passwd file entries
  getent:
    database: passwd
    split: ':'
  tags:
  - DISA-STIG-RHEL-09-411100
Remediation - Shell Script
awk -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd | xargs --no-run-if-empty --max-lines=1 passwd -l
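An audit-side counterpart to the remediation above, added here as an example and not part of the rule's own content: it lists non-root UID 0 accounts (including padded values such as "00") and finds an unassigned UID in the ranges the description names. The function names, the sample file and the 60000 upper bound are assumptions.

```shell
#!/bin/sh
# Added example (not from the rule's content): audit helpers for a passwd-format file.

# Print every account other than root whose UID field is numerically 0.
# Returns 1 if any such account exists, 0 if the file is clean.
uid0_non_root() {
    awk -F: '
        /^#/ || NF < 3 { next }    # skip comment lines and entries without a UID field
        # Numeric test, so a padded value such as "00" is caught as well.
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1; found = 1 }
        END { exit found + 0 }
    ' "$1"
}

# Print the lowest UID in [min, max] that no entry in the file uses.
# Returns 1 if the whole range is taken.
first_free_uid() {
    awk -F: -v min="$2" -v max="$3" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END {
            for (u = min + 0; u <= max + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }
    ' "$1"
}

# Constructed sample data; on a real host pass /etc/passwd instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/sh
backup:x:00:0:padded zero UID:/var/backups:/bin/sh
alice:x:1001:1001::/home/alice:/bin/bash
EOF

echo "Non-root UID 0 accounts:"
uid0_non_root "$sample" || true
# 60000 as the upper bound is an assumption (a common UID_MAX); adjust to local policy.
echo "Free system UID:  $(first_free_uid "$sample" 1 999)"
echo "Free regular UID: $(first_free_uid "$sample" 1001 60000)"
```

The non-zero exit status of uid0_non_root makes it usable as a pass/fail check in a scheduled audit job.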