Logins to the root account must be restricted to the system console only.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>Use an authorized mechanism such as RBAC and the "su" command to provide administrative access to unprivileged accounts. These mechanisms provide an audit trail in the event of problems.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216361r959010_rule
Severity: Medium
References: CCI-000366
Updated: 18 days ago

The root role is required.

Modify the /etc/default/login file

# pfedit /etc/default/login
Locate the line containing:

CONSOLE

Change it to read:

CONSOLE=/dev/console

Logins to the root account must be restricted to the system console only.

Description

Remediation - Manual Procedure