Check: OL6-00-000028
Oracle Linux 6 STIG:
OL6-00-000028
(in versions v2 r7 through v1 r9)
Title
The system must prevent the root account from logging in from serial consoles. (Cat III impact)
Discussion
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the systems using the root account.
Check Content
To check for serial port entries which permit root login, run the following command: # grep '^ttyS[0-9]' /etc/securetty If any output is returned, then root login over serial ports is permitted. If root login over serial ports is permitted, this is a finding.
Fix Text
To restrict root logins on serial ports, ensure lines of this form do not appear in "/etc/securetty": ttyS0 ttyS1 Note: Serial port entries are not limited to those listed above. Any lines starting with "ttyS" followed by numerals should be removed.
Additional Identifiers
Rule ID: SV-208805r793590_rule
Vulnerability ID: V-208805
Group Title: SRG-OS-000109
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000770 |
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Number | Title |
---|---|
IA-2 (5) |
Group Authentication |