6.2.17 Ensure no duplicate GIDs exist (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======6.2.17 Ensure no duplicate GIDs exist (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
Although the ''groupadd'' program will not let you create a duplicate Group ID (GID), it is possible for an administrator to manually edit the ''/etc/group'' file and change the GID field.

=====Rationale=====
User groups must be assigned unique GIDs for accountability and to ensure appropriate access protections.

=====Audit===== 
Run the following script and verify no results are returned:
<Code:bash>
#!/bin/bash 
cat /etc/group | cut -f3 -d":" | sort -n | uniq -c | while read x ; do
  [ -z "${x}" ] && break 
  set - $x 
  if [ $1 -gt 1 ]; then
    groups=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs` 
    echo "Duplicate GID ($2): ${groups}" 
  fi 
done
</Code>

=====Remediation=====
Based on the results of the audit script, establish unique GIDs and review all files owned by the shared GID to determine which group they are supposed to belong to.
=====Notes=====
You can also use the ''grpck'' command to check for other inconsistencies in the ''/etc/group'' file.