
Restrict Serial Port Root Logins

An XCCDF Rule

Description

To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty:

ttyS0
ttyS1

Rationale

Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the systems using the root account.

ID
xccdf_org.ssgproject.content_rule_restrict_serial_port_logins
Severity
Medium
References
Updated



Remediation - Shell Script

sed -i '/ttyS/d' /etc/securetty
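
A way to audit the file before and after the remediation above, as an added example that is not part of the SSG content. The function names, the exit codes (0 pass, 1 fail, 2 file absent) and the sample file are assumptions of this example, and it trims whitespace so that an indented entry is still reported.

```shell
#!/bin/sh
# Added example: audit a securetty file for serial-port (ttyS) entries.

# Print every active ttyS entry in the file given as $1.
# Whitespace is trimmed first (a conservative choice of this example);
# comment lines never match because the pattern is anchored at both ends.
serial_root_ttys() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^ttyS[0-9]+$'
}

# Return 0 if no ttyS entry is present, 1 if any is, 2 if the file is absent.
check_securetty() {
    file=${1:-/etc/securetty}
    if [ ! -f "$file" ]; then
        # The rule is defined in terms of lines in the file, so it cannot
        # be evaluated when there is no file to read.
        echo "UNKNOWN: $file not found" >&2
        return 2
    fi
    # grep exits non-zero when nothing matches; that is the passing case.
    hits=$(serial_root_ttys "$file" || true)
    if [ -n "$hits" ]; then
        echo "FAIL: serial entries in $file:" >&2
        echo "$hits" >&2
        return 1
    fi
    echo "PASS: no ttyS entries in $file"
    return 0
}

# Demonstration on a constructed sample, not on the real /etc/securetty.
sample=$(mktemp)
printf '%s\n' 'console' 'tty1' '# ttyS9 note' '  ttyS0' 'ttyS1' > "$sample"
check_securetty "$sample" || echo "exit status before remediation: $?"

# The page's shell remediation. It deletes every line containing "ttyS",
# so the comment line in the sample is removed as well.
sed -i '/ttyS/d' "$sample"
check_securetty "$sample"
rm -f "$sample"
```

Run check_securetty with no argument to audit /etc/securetty itself.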

Remediation - Ansible

- name: Restrict Serial Port Root Logins
  lineinfile:
    dest: /etc/securetty
    regexp: ttyS[0-9]
    state: absent
  tags: