You must monitor existing groups and members to ensure that any unnecessary groups or group access is removed.
Procedure
- ♦ Run the
<host>:~ # cat /etc/groupcommand to verify the minimum necessary groups and group membership.root:x:0:admin bin:x:1:daemon sys:x:2: kmem:x:3: tape:x:4: tty:x:5: daemon:x:6: floppy:x:7: disk:x:8: dialout:x:10: audio:x:11: video:x:12: utmp:x:13: usb:x:14: cdrom:x:15: adm:x:16: messagebus:x:18: systemd-journal:x:23: input:x:24: mail:x:34: lock:x:54: dip:x:30: systemd-bus-proxy:x:72: systemd-journal-gateway:x:73: systemd-journal-remote:x:74: systemd-journal-upload:x:75: systemd-network:x:76: systemd-resolve:x:77: systemd-timesync:x:78: nogroup:x:65533: users:x:100: sudo:x:27: wheel:x:28:root,admin sshd:x:50: apache:x:25:admin,apache ntp:x:87: named:x:999: vami:x:1000:root admin:x:1003:
