diff --git a/docs/findings/el8.md b/docs/findings/el8.md index fb580e06f..7f81afb24 100644 --- a/docs/findings/el8.md +++ b/docs/findings/el8.md @@ -20,6 +20,7 @@ .. _User Account Passwords Must Be Restricted To A 60-Day Maximum Lifetime: #user-account-passwords-must-be-restricted-to-a-60-day-maximum-lifetime .. _OS Must Be Configured In The Password-Auth File To Prohibit Password Reuse For A Minimum Of Five Generations: #os-must-prohibit-password-reuse-for-a-minimum-of-five-generations .. _The Installed Operating System Is Not Vendor Supported: #the-installed-operating-system-is-not-vendor-supported + .. _"Only Authorized Local User Accounts Exist on Operating System" is always flagged: #only-authorized-local-user-accounts-exist-on-operating-system"-is-always-flagged +----------------------------------------------------------------------------------------+---------------------+ @@ -65,6 +66,10 @@ | | | | | RHEL-08-010000 | +----------------------------------------------------------------------------------------+---------------------+ + | `"Only Authorized Local User Accounts Exist on Operating System" is always flagged`_ | V-230379 | + | | | + | | RHEL-08-020320 | + +----------------------------------------------------------------------------------------+---------------------+ ``` 
@@ -252,3 +257,13 @@ This rule effects primarily "free" versions of the Red Hat Enterprise Linux oper And an `/etc/redhat-release` file with contents that aligns to one that's delivered with any of the preceding RPM. The various "free" versions of the Red Hat Enterprise Linux operating system will not have any of the above RPMs present. If using a vendor-supported Linux and this scan finding occurs, it's likely that either the `release-` RPM is missing or damaged, something has unexpectedly altered the target's `/etc/redhat-release` file or the scanner is looking for a wildcarded `release` file under the `/etc` directory and there's an unexpected filename found. + +# "Only Authorized Local User Accounts Exist on Operating System" is always flagged + +**Expected Finding:** + +Per the STIG notes: + +> Automatic remediation of this control is not available due to the unique requirements of each system. + +While-automation _could_ be authored that would leverage a site- or host-specific allowed-users list to disable or delete forbidden accounts, there exists an extremely-high likelihood that scanners used against such configuration-controlled operating environments would not contain the scanning logic necessary to validate compliance. As such – and with or without user-controlling automation-content – STIG scanners would still flag systems that are technically compliant.
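Review bot: in the first hunk, the link target added after the `The Installed Operating System Is Not Vendor Supported` line embeds a literal `"` in its fragment (`#only-authorized-local-user-accounts-exist-on-operating-system"-is-always-flagged`), which is unlikely to match the slug the doc builder generates for the heading (punctuation is stripped) and is inconsistent with the other three anchors on the page; use `#only-authorized-local-user-accounts-exist-on-operating-system-is-always-flagged` for the fragment and keep the quotes only in the target name so the table reference `\`"Only Authorized Local User Accounts Exist on Operating System" is always flagged\`_` still resolves.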
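Review bot: in the last hunk, the final added paragraph has a stray hyphen in `While-automation _could_ be authored` (should read `While automation _could_ be authored`), and `extremely-high likelihood` and `automation-content` do not need hyphens either. The section also explains why the scanner flags this rule but not what the reader should do with the finding; the neighbouring entry walks through what to check (the `release-` RPM and `/etc/redhat-release`), so a closing sentence stating that this rule is validated manually by comparing the local account list against the site's authorized-user record, with the result documented as the justification for the open finding, would make the entry consistent with the rest of the file.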