An error occurred:

Check: GEN000980

HP-UX 11.31 STIG: GEN000980 (in versions v1 r19 through v1 r13)

Title

The system must prevent the root account from directly logging in except from the system console. (Cat II impact)

Discussion

Limiting the root account direct logins to only system consoles protects the root account from direct unauthorized access from a non-console device.

Check Content

Check the /etc/securetty file contents. # more /etc/securetty If /etc/securetty does not exist, or has contents other than console or /dev/null, this is a finding.

Fix Text

If the /etc/securetty file does not exist, create the file containing only the word console and ensure correct file properties. # echo “console” > /etc/securetty

Additional Identifiers

Rule ID: SV-38453r2_rule

Vulnerability ID: V-778

Group Title: GEN000980

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000770

The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-2 (5)

Group Authentication