Restrict Serial Port Root Logins
An XCCDF Rule
Description
To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty:
ttyS0
ttyS1
Rationale
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the systems using the root account.
- ID: xccdf_org.ssgproject.content_rule_restrict_serial_port_logins
- Severity: Medium
- References
- Updated
Remediation - Shell Script
sed -i '/ttyS/d' /etc/securetty
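An added example (not part of the SSG content): a check that lists the active serial entries before anything is removed, plus a narrower removal that, unlike /ttyS/d, leaves comment lines that mention ttyS in place and keeps a backup copy. The function names, the .bak suffix and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and remediate serial-port entries in a securetty-style file.
# Function names and the sample file below are constructed for illustration.

# Print active (non-comment) serial entries such as ttyS0.
# Exit status: 0 = none found (compliant), 1 = entries found, 2 = file unreadable.
list_serial_ttys() {
    file=$1
    [ -r "$file" ] || return 2
    # Match a whole line that is only ttyS<digits>, allowing surrounding blanks.
    if grep '^[[:space:]]*ttyS[0-9][0-9]*[[:space:]]*$' "$file"; then
        return 1
    fi
    return 0
}

# Delete only the lines list_serial_ttys reports, after saving FILE.bak.
# Exit status: 0 = done, 2 = file not writable or backup failed.
remove_serial_ttys() {
    file=$1
    [ -w "$file" ] || return 2
    cp -p "$file" "$file.bak" || return 2
    sed -i '/^[[:space:]]*ttyS[0-9][0-9]*[[:space:]]*$/d' "$file"
}

# Demo on a constructed sample file (not a real /etc/securetty).
demo=$(mktemp)
printf '%s\n' 'console' '# ttyS0 disabled' 'tty1' 'ttyS0' 'ttyS1' > "$demo"
list_serial_ttys "$demo" || echo "audit status: $?"
remove_serial_ttys "$demo" && list_serial_ttys "$demo" && echo "compliant"
rm -f "$demo" "$demo.bak"
```

Run the audit function against /etc/securetty first and review what it prints; the removal function needs root and GNU sed for the -i option.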
Remediation - Ansible
- name: Restrict Serial Port Root Logins
  lineinfile:
    dest: /etc/securetty
    regexp: ttyS[0-9]
    state: absent
  tags: