iCompaas Support

Profile Applicability:
Level 1

Description:
 Duplicate user names can cause conflicts in authentication, permissions, and auditing. Ensuring unique user names maintains system integrity and prevents unauthorized access or privilege escalation.

Rationale:
 Preventing duplicate user names avoids confusion in user management and reduces risks related to identity and access control.

Impact:
 Pros:

• Maintains clear and consistent user identity management.

• Simplifies auditing and access control.

Cons:

• Renaming or removing duplicate user accounts may disrupt workflows if not carefully handled.

Default Value:
 Duplicate user names may exist due to misconfiguration or manual errors.

Pre-requisites:

• Root or sudo privileges to review and modify user accounts.
  

Remediation:

Test Plan:

Using Linux command line:

1. List all user names and identify duplicates:

   cut -d: -f1 /etc/passwd | sort | uniq -d

2. Verify that the output is empty, indicating no duplicates.
   

Implementation Plan:

Using Linux command line:

1. For each duplicate user name found, rename or remove duplicates carefully:

   usermod -l <new_username> <old_username>  
   userdel <duplicate_username>  

2. Ensure user files and permissions are updated accordingly.
   

Backout Plan:

Using Linux command line:

1. Restore original user names from backups if needed.

2. Reassign ownership of files and permissions if necessary.
   

References:

• CIS Amazon Linux 2 Benchmark v3.0.0

• NIST SP 800-53 Revision 5 - AC-6