{"description": "Enterprise applications tend to use the server or virtual machine exclusively.\nBesides the default operating system user, there should be only authorized local\nusers required by the installed software groups and applications that exist on\nthe operating system. The authorized user list can be customized in the refine\nvalue variable <tt>var_accounts_authorized_local_users_regex</tt>.\nAn OVAL regular expression is used for the user list.\nConfigure the system so all accounts on the system are assigned to an active system,\napplication, or user account. Remove accounts that do not support approved system\nactivities or that allow for a normal user to perform administrative-level actions.\nTo remove unauthorized system accounts, use the following command:\n<pre>$ sudo userdel <i>unauthorized_user</i></pre>", "rationale": "Accounts providing no operational purpose provide additional opportunities for\nsystem compromise. Unnecessary accounts include user accounts for individuals not\nrequiring access to the system and application accounts for applications not installed\non the system.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "there are unauthorized local user accounts on the system", "ocil": "To verify that there are no unauthorized local user accounts, run the following command:\n<pre>$ less /etc/passwd</pre>\nInspect the results, and if unauthorized local user accounts exist, remove them by running\nthe following command:\n<pre>$ sudo userdel <i>unauthorized_user</i></pre>", "oval_external_content": null, "fixtext": "Configure the system so all accounts on the system are assigned to an active system, application, or user account.\n\nRemove accounts that do not support approved system activities or that allow for a normal user to perform administrative-level actions.\n\nDocument all authorized accounts on the system.", "checktext": "", 
"vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must not have unnecessary accounts.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must not have unauthorized accounts.", "vuldiscussion": "Accounts providing no operational purpose provide additional opportunities for\nsystem compromise. Unnecessary accounts include user accounts for individuals not\nrequiring access to the system and application accounts for applications not installed\non the system.", "checktext": "Verify that there are no unauthorized local interactive user accounts with the following command:\n\n$ less /etc/passwd\n\nroot:x:0:0:root:/root:/bin/bash\n...\nsmithk:x:1000:1000:smithk:/home/smithk:/bin/bash\nthrockw:x:1001:1001:throckw:/home/throckw:/bin/bash\n\nInteractive user accounts generally have a UID of 1000 or greater, a home directory in a specific partition, and an interactive shell.\n\nObtain the list of interactive user accounts authorized to be on the system from the System Administrator or Information System Security Officer (ISSO) and compare it to the list of local interactive user accounts on the system.\n\nIf there are unauthorized local user accounts on the system, this is a finding.", "fixtext": "Remove unauthorized local interactive user accounts with the following command where &lt;unauthorized_user&gt; is the unauthorized account:\n\n$ sudo userdel &lt;unauthorized_user&gt;"}}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Only Authorized Local User Accounts Exist on Operating System", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml", "template": null}