Profile Applicability:
Level 1
Description:
In Unix and Linux systems, the user with User ID (UID) 0 has unrestricted administrative privileges. Having multiple accounts with UID 0 increases the risk of unauthorized access and privilege escalation.
Rationale:
Ensuring that only the root account has UID 0 limits administrative access to a single trusted account, reducing the attack surface and enhancing system security.
Impact:
Pros:
Limits privileged access to a single account.
Simplifies auditing and accountability of administrative actions.
Cons:
Removing additional UID 0 accounts may disrupt legitimate administrative workflows if not properly managed.
Default Value:
Multiple UID 0 accounts may exist if created by administrators or system misconfiguration.
Pre-requisites:
Root or sudo privileges to review and modify user accounts.
Remediation:
Test Plan:
Using Linux command line:
1. List all accounts with UID 0:
awk -F: '($3 == 0) {print $1}' /etc/passwd
2. Verify that only root is listed.
Implementation Plan:
Using Linux command line:
1. For each non-root account with UID 0, change the UID to a non-privileged value or disable the account:
usermod -u <new_uid> <username>
passwd -l <username> # To lock the account if needed
2. Verify changes:
awk -F: '($3 == 0) {print $1}' /etc/passwd
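As an added example that is not part of the benchmark text, the POSIX shell script below runs the test plan check against a passwd-format file and, for each offending account, prints (without executing) the lock command from the implementation plan so an administrator can review it first. The passwd content it checks is a constructed sample, not a real host's /etc/passwd.

```shell
#!/bin/sh
# Audit a passwd-format file for UID 0 accounts other than root.
# Prints each offending account name, one per line.
# Returns 0 when root is the only UID 0 account, 1 otherwise.
# Defaults to /etc/passwd when no path is given.
audit_uid0() {
    passwd_file="${1:-/etc/passwd}"
    # Field 3 is the numeric UID (same check as the test plan, excluding root).
    extra="$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$passwd_file")"
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    return 0
}

# Dry run of the implementation plan: print, without executing, the command
# that would lock each offending account so the change can be reviewed.
lock_plan() {
    audit_uid0 "$1" | while IFS= read -r name; do
        printf 'passwd -l %s\n' "$name"
    done
    return 0
}

# Constructed sample passwd file (not a real host's /etc/passwd).
SAMPLE_PASSWD="$(mktemp)"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0:legacy backup account:/home/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:1001:second root:/home/toor:/bin/sh
EOF

# Run the check on the sample and show what remediation would be proposed.
if audit_uid0 "$SAMPLE_PASSWD" >/dev/null; then
    echo "PASS: root is the only UID 0 account"
else
    echo "FAIL: additional UID 0 accounts found, proposed remediation:"
    lock_plan "$SAMPLE_PASSWD"
fi
```

Running it against the sample reports backup and toor; point audit_uid0 at no argument to check the live /etc/passwd instead.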
Backout Plan:
Using Linux command line:
Restore previous UID values and unlock accounts if needed.
Communicate changes to affected users or administrators.
References:
CIS Amazon Linux 2 Benchmark v3.0.0