Profile Applicability:
Level 1
Description:
Duplicate group names can cause inconsistencies and unexpected behavior in user permissions and access control. Ensuring unique group names maintains the integrity of group-based security policies.
Rationale:
Preventing duplicate group names avoids confusion in group membership management and reduces the risk of privilege escalation or access control misconfigurations.
Impact:
Pros:
Ensures consistent and predictable group permissions.
Simplifies user and group management.
Cons:
Removal or renaming of duplicate groups may affect existing user permissions if not carefully managed.
Default Value:
Duplicate group names may exist due to manual misconfiguration or system inconsistencies.
Pre-requisites:
Root or sudo privileges to review and modify group configurations.
Remediation:
Test Plan:
Using Linux command line:
List all group names and identify duplicates:
cut -d: -f1 /etc/group | sort | uniq -d
Verify that the output is empty, indicating no duplicates.
Implementation Plan:
Using Linux command line:
For each duplicate group name found, rename or remove duplicates carefully:
groupmod -n <new_group_name> <old_group_name>
groupdel <duplicate_group_name>
Ensure user memberships are preserved or reassigned as necessary.
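The following script is an added illustration and not part of the CIS benchmark. It runs the Test Plan audit against a constructed sample group file rather than the live /etc/group, prints the GID and member list of every entry that shares a name (the information needed to decide which entry to rename or delete in the Implementation Plan), and takes the backup copy that the Backout Plan relies on. The helper names, the sample file contents and the backup naming scheme are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a group file for duplicate group names, show the
# conflicting entries, and back the file up before any groupmod/groupdel.
# Helper names and the sample data below are assumptions for this example.

# find_duplicate_groups FILE
#   Prints each duplicated group name once; returns 0 when the file is clean
#   and 1 when duplicates exist (same pipeline as the Test Plan).
find_duplicate_groups() {
    dups=$(cut -d: -f1 "$1" | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# show_group_entries FILE NAME
#   Prints every line for NAME as "name:gid:members" so the administrator can
#   see which GID and which memberships each duplicate carries.
show_group_entries() {
    awk -F: -v n="$2" '$1 == n { printf "%s:%s:%s\n", $1, $3, $4 }' "$1"
}

# backup_group_file FILE
#   Copies FILE to FILE.<timestamp>.bak (preserving mode and ownership) and
#   prints the backup path; this is the copy the Backout Plan restores from.
backup_group_file() {
    bak="$1.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$1" "$bak" && printf '%s\n' "$bak"
}

# Constructed sample group file; on a real host use /etc/group instead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:x:0:
wheel:x:10:alice
developers:x:1001:alice,bob
developers:x:1002:carol
audit:x:1003:
EOF

if find_duplicate_groups "$SAMPLE" > /dev/null; then
    echo "no duplicate group names"
else
    BACKUP=$(backup_group_file "$SAMPLE")
    echo "backup written to $BACKUP"
    for g in $(find_duplicate_groups "$SAMPLE"); do
        echo "duplicate group name: $g"
        show_group_entries "$SAMPLE" "$g" | sed 's/^/  /'
    done
    rm -f "$BACKUP"
fi
rm -f "$SAMPLE"
```

On the sample data the script reports `developers` twice, once with GID 1001 (alice, bob) and once with GID 1002 (carol). Re-running `find_duplicate_groups` after the rename or removal, and confirming it returns 0, is the closing check for the Test Plan.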
Backout Plan:
Using Linux command line:
Restore original group names from backups if needed.
Reassign users to groups if any memberships were lost.
References:
CIS Amazon Linux 2 Benchmark v3.0.0