Check: GEN000980
HP-UX 11.31 STIG:
GEN000980
(in versions v1 r19 through v1 r13)
Title
The system must prevent the root account from directly logging in except from the system console. (Cat II impact)
Discussion
Limiting the root account direct logins to only system consoles protects the root account from direct unauthorized access from a non-console device.
Check Content
Check the /etc/securetty file contents. # more /etc/securetty If /etc/securetty does not exist, or has contents other than console or /dev/null, this is a finding.
Fix Text
If the /etc/securetty file does not exist, create the file containing only the word console and ensure correct file properties. # echo “console” > /etc/securetty
Additional Identifiers
Rule ID: SV-38453r2_rule
Vulnerability ID: V-778
Group Title: GEN000980
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000770 |
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Number | Title |
---|---|
IA-2 (5) |
Group Authentication |