Restrict Virtual Console Root Logins

An XCCDF Rule

Description

To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in /etc/securetty:

vc/1
vc/2
vc/3
vc/4

Rationale

Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.

ID
xccdf_org.ssgproject.content_rule_securetty_root_login_console_only
Severity
Medium

Remediation - Ansible

- name: Restrict Virtual Console Root Logins
  lineinfile:
    dest: /etc/securetty
    regexp: ^vc
    state: absent
  tags:

Remediation - Shell Script

sed -i '/^vc\//d' /etc/securetty
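
The sed one-liner above edits the file blind. The following added example (not part of the SSG content) wraps the same deletion in a check that reports the offending lines first and keeps a backup before changing anything. The function names, the .bak suffix and the sample file are assumptions made for this example; sed -i requires GNU sed, as on the page.

```shell
#!/bin/sh
# Added example: audit, then remediate, vc/<n> entries in a securetty file.

# List vc/ entries with line numbers.
# Returns 0 = none found, 1 = entries present, 2 = file cannot be read.
check_securetty() {
    f=$1
    [ -r "$f" ] || return 2
    if grep -n '^vc/' "$f"; then
        return 1
    fi
    return 0
}

# Delete vc/ entries using the same sed expression as the page.
# Leaves a compliant file untouched and keeps a copy as <file>.bak otherwise.
remediate_securetty() {
    target=$1
    rc=0
    check_securetty "$target" >/dev/null || rc=$?
    case $rc in
        0) return 0 ;;   # already compliant, nothing to rewrite
        2) return 2 ;;   # unreadable: do not guess
    esac
    cp -p -- "$target" "$target.bak" || return 2   # -p keeps mode and owner
    sed -i '/^vc\//d' "$target"
}

# Constructed sample input; on a real host pass /etc/securetty instead.
sample=$(mktemp)
printf '%s\n' console vc/1 vc/2 tty1 tty2 vc/3 vc/4 > "$sample"

check_securetty "$sample" || echo "non-compliant: entries listed above"
remediate_securetty "$sample" && check_securetty "$sample" && echo "compliant"

rm -f "$sample" "$sample.bak"
```

Run as root against /etc/securetty; exit status 2 from either function means the file could not be assessed and should be reviewed by hand.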