The root account must be the only account having unrestricted access to the RHEL 8 system.

STIG ID: RHEL-08-040200  |  SRG: SRG-OS-000480-GPOS-00227 | Severity: high |  CCI: CCI-000366

Vulnerability Discussion

If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.

Check

Check the system for duplicate UID "0" assignments with the following command:

$ sudo awk -F: '$3 == 0 {print $1}' /etc/passwd

If any accounts other than root have a UID of "0", this is a finding.

Fix

Change the UID of any account on the system, other than root, that has a UID of "0".

If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.