From ad8f4a30511aa56b9690c5932177816a2ceb17b8 Mon Sep 17 00:00:00 2001
From: Arden97
Date: Wed, 19 Nov 2025 11:13:12 +0100
Subject: [PATCH 1/5] removing irrelevant notes from the controls

---
 controls/cis_almalinux9.yml | 2 --
 controls/cis_fedora.yml | 2 --
 controls/cis_rhel10.yml | 2 --
 3 files changed, 6 deletions(-)

diff --git a/controls/cis_almalinux9.yml b/controls/cis_almalinux9.yml
index 0b8a8ecaf071..29fa4bd9b124 100644
--- a/controls/cis_almalinux9.yml
+++ b/controls/cis_almalinux9.yml
@@ -2131,8 +2131,6 @@ controls:
 - l1_workstation
 status: partial
 notes: |-
- The rule confirms the primary group for root, but doesn't check if any other user are also
- using GID 0. New rule is necessary.
 There is assessment but no automated remediation for this rule and this sounds reasonable.
 rules:
 - accounts_root_gid_zero
diff --git a/controls/cis_fedora.yml b/controls/cis_fedora.yml
index f8dc196ddb89..13bb76495401 100644
--- a/controls/cis_fedora.yml
+++ b/controls/cis_fedora.yml
@@ -2289,8 +2289,6 @@ controls:
 - l1_workstation
 status: partial
 notes: |-
- The rule confirms the primary group for root, but doesn't check if any other user are also
- using GID 0. New rule is necessary.
 There is assessment but no automated remediation for this rule and this sounds reasonable.
 rules:
 - accounts_root_gid_zero
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
index b246da01152a..4991435e0f1d 100644
--- a/controls/cis_rhel10.yml
+++ b/controls/cis_rhel10.yml
@@ -2233,8 +2233,6 @@ controls:
 - l1_workstation
 status: partial
 notes: |-
- The rule confirms the primary group for root, but doesn't check if any other user are also
- using GID 0. New rule is necessary.
 There is assessment but no automated remediation for this rule and this sounds reasonable.
 rules:
 - accounts_root_gid_zero

From d3f2326b11177b20ed919af06c017c66389f6c58 Mon Sep 17 00:00:00 2001
From: Arden97
Date: Wed, 19 Nov 2025 11:28:58 +0100
Subject: [PATCH 2/5] adding additional description to accounts_root_gid_zero

---
 .../root_logins/accounts_root_gid_zero/rule.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index efaa1dac9b2d..63cb516561cf 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -1,9 +1,9 @@
 documentation_complete: true

-title: 'Verify Root Has A Primary GID 0'
+title: 'Verify Only Root Has A Primary GID 0'

 description: |-
- The root user should have a primary group of 0.
+ Only the root user should have a primary group of 0.

 rationale: |-
 To help ensure that root-owned files are not inadvertently exposed to other users.
@@ -23,16 +23,16 @@ references:
 cis@sle15: 5.4.3
 pcidss: Req-8.1.1

-ocil_clause: 'root has a primary gid not equal to zero'
+ocil_clause: 'root has a primary gid not equal to zero or other non-system accounts has a primary gid equal to zero'

 ocil: |-
 To verify that root's primary group is zero run the following command:
-        grep '^root:' /etc/passwd | cut -d : -f 4
+        awk -F: '($1 !~ /^(sync|shutdown|halt|operator)/ && $4=="0") {print $1":"$4}' /etc/passwd
     
The command should return:
-    0
+        root:0
     
platform: system_with_kernel

From bae12a151b06bb9b2511b9657e075f70926cbddf Mon Sep 17 00:00:00 2001
From: Arden97
Date: Wed, 19 Nov 2025 13:06:30 +0100
Subject: [PATCH 3/5] addding escape sequence to ocil field

---
 .../root_logins/accounts_root_gid_zero/rule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index 63cb516561cf..5fb76c73c59c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -28,7 +28,7 @@ ocil_clause: 'root has a primary gid not equal to zero or other non-system accou
 ocil: |-
 To verify that root's primary group is zero run the following command:
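Review bot: The exclusion pattern in the added `awk` line of the `ocil` block, `/^(sync|shutdown|halt|operator)/`, is anchored only at the start, so an account whose name merely begins with one of those words (a constructed example: `operator2`) is left out of the output even when its primary GID is 0. Anchoring both ends closes that gap: `awk -F: '($1 !~ /^(sync|shutdown|halt|operator)$/ && $4=="0") {print $1":"$4}' /etc/passwd`. The same line is carried on the new side of the hunk in patch 3/5. The wording around it also lags the command: the lead-in still says it verifies root's primary group, and `ocil_clause` speaks of 'non-system accounts' although only four names are exempted (and `accounts has` should read `accounts have`).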
-        awk -F: '($1 !~ /^(sync|shutdown|halt|operator)/ && $4=="0") {print $1":"$4}' /etc/passwd
+        awk -F: '($1 !~ /^(sync|shutdown|halt|operator)/ && $4=="0") {print $1":"$4}' /etc/passwd
     
The command should return:

From e1dd5214d1872c9be1256a121850e96d6bc9b456 Mon Sep 17 00:00:00 2001
From: Arden97 
Date: Thu, 20 Nov 2025 10:30:42 +0100
Subject: [PATCH 4/5] adjust the title name

---
 .../root_logins/accounts_root_gid_zero/rule.yml                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index 5fb76c73c59c..e1ec95199d92 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-title: 'Verify Only Root Has A Primary GID 0'
+title: 'Verify Root Has A Primary GID 0'
 
 description: |-
     Only the root user should have a primary group of 0.

From a877848199a090a718aee1571ea83af197133df9 Mon Sep 17 00:00:00 2001
From: Arden97 
Date: Thu, 20 Nov 2025 10:33:44 +0100
Subject: [PATCH 5/5] adjusting the accounts_root_gid_zero description

---
 .../root_logins/accounts_root_gid_zero/rule.yml                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index e1ec95199d92..6fd443fff306 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'Verify Root Has A Primary GID 0'
 
 description: |-
-    Only the root user should have a primary group of 0.
+    The root user should have a primary group of 0.
 
 rationale: |-
     To help ensure that root-owned files are not inadvertently exposed to other users.
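Review bot: With this line changed back, the `description` (like the `title` restored in patch 4/5) covers only root's own primary group, while the `ocil_clause` added in patch 2/5 still fails the rule when another account has primary GID 0, so the rule text and its manual check now state different requirements. Either keep `Only the root user should have a primary group of 0.` or narrow the `ocil_clause` and `ocil` command back to root alone. No change to the automated check is visible in this series; if it still tests only root's entry, the control notes deleted in patch 1/5 described a real gap, and I would restore them in the three `controls/cis_*.yml` files until a check for other GID 0 accounts exists. The rest of `rule.yml` lies outside this hunk.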