STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must not have unnecessary accounts.

DISA Rule

SV-226442r603265_rule

Vulnerability Number

V-226442

Group Title

SRG-OS-000480

Rule Version

GEN000290

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove all unnecessary accounts, such as games, from the /etc/passwd file before connecting a system to the network. Other accounts, such as news and gopher, associated with a service not in use should also be removed.

Check Contents

Check the system for unnecessary user accounts.

Procedure:
# more /etc/passwd

Some examples of unnecessary accounts include games, news, gopher, ftp, and lp.

If an unnecessary account is found and its use is not justified and documented with the ISSO, this is a finding.

Vulnerability Number

V-226442

Documentable

False

Rule Version

GEN000290

Severity Override Guidance

Check the system for unnecessary user accounts.

Procedure:
# more /etc/passwd

Some examples of unnecessary accounts include games, news, gopher, ftp, and lp.

If an unnecessary account is found and its use is not justified and documented with the ISSO, this is a finding.

Check Content Reference

M

Target Key

4060

Comments