{"description": "Add a group to the system for each GID referenced without a corresponding group.", "rationale": "If a user is assigned the Group Identifier (GID) of a group not existing on the system, and a group\nwith the Group Identifier (GID) is subsequently created, the user may have unintended rights to\nany files associated with the group.", "severity": "low", "references": {"cis-csc": ["1", "12", "15", "16", "5"], "cjis": ["5.5.2"], "cobit5": ["DSS05.04", "DSS05.05", "DSS05.07", "DSS05.10", "DSS06.03", "DSS06.10"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.2", "4.3.3.7.4"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1"], "iso27001-2013": ["A.18.1.4", "A.7.1.1", "A.9.2.1", "A.9.2.2", "A.9.2.3", "A.9.2.4", "A.9.2.6", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nerc-cip": ["CIP-003-8 R5.1.1", "CIP-003-8 R5.3", "CIP-004-6 R2.2.3", "CIP-004-6 R2.3", "CIP-007-3 R5.1", "CIP-007-3 R5.1.2", "CIP-007-3 R5.2", "CIP-007-3 R5.3.1", "CIP-007-3 R5.3.2", "CIP-007-3 R5.3.3"], "nist": ["IA-2", "CM-6(a)"], "nist-csf": ["PR.AC-1", "PR.AC-6", "PR.AC-7"], "pcidss": ["Req-8.5.a"], "srg": ["SRG-OS-000104-GPOS-00051"], "cis": ["7.2.3"], "pcidss4": ["8.2.2", "8.2"]}, "control_references": {"cis": ["7.2.3"], "pcidss4": ["8.2.2", "8.2"]}, "components": [], "identifiers": {}, "ocil_clause": "GIDs referenced in /etc/passwd are returned as not defined in /etc/group", "ocil": "To ensure all GIDs referenced in <tt>/etc/passwd</tt> are defined in <tt>/etc/group</tt>,\nrun the following command:\n<pre>$ sudo pwck -qr</pre>\nThere should be no output.", "oval_external_content": null, "fixtext": "Configure the system so that all GIDs are referenced in <tt>/etc/passwd</tt> are defined in <tt>/etc/group</tt>.\n\nEdit the file \"/etc/passwd\" and ensure that every user's GID is a valid GID.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Users on Ubuntu 22.04 must have a primary group that exists.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "All Ubuntu 22.04 interactive users must have a primary group that exists.", "vuldiscussion": "If a user is assigned the Group Identifier (GID) of a group that does not exist on the system, and a group with the GID is subsequently created, the user may have unintended rights to any files associated with the group.", "checktext": "Verify that all Ubuntu 22.04 interactive users have a valid GID.\n\nCheck that the interactive users have a valid GID with the following command:\n\n$ sudo pwck -r\n\nIf pwck reports \"no group\" for any interactive user, this is a finding.", "fixtext": "Configure the system so that all GIDs are referenced in \"/etc/passwd\" are defined in \"/etc/group\".\n\nEdit the file \"/etc/passwd\" and ensure that every user's GID is a valid GID."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "All GIDs referenced in /etc/passwd must be defined in /etc/group", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml", "template": null}