Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
SRG-OS-000109-GPOS-00056
SRG-OS-000109-GPOS-00056
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-OS-000109-GPOS-00056
1 Rule
AlmaLinux OS 9 must not permit direct logons to the root account using remote access via SSH.
Medium Severity
Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system. The root account is a known default username, so should not allow direct login as half of the username/password combination is known, making it vulnerable to brute-force password guessing attacks.