Check: OL6-00-000027
Oracle Linux 6 STIG:
OL6-00-000027
(in versions v2 r7 through v1 r9)
Title
The system must prevent the root account from logging in from virtual consoles. (Cat II impact)
Discussion
Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.
Check Content
To check for virtual console entries which permit root login, run the following command: # grep '^vc/[0-9]' /etc/securetty If any output is returned, then root logins over virtual console devices is permitted. If root login over virtual console devices is permitted, this is a finding.
Fix Text
To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in "/etc/securetty": vc/1 vc/2 vc/3 vc/4 Note: Virtual console entries are not limited to those listed above. Any lines starting with "vc/" followed by numerals should be removed.
Additional Identifiers
Rule ID: SV-208804r793589_rule
Vulnerability ID: V-208804
Group Title: SRG-OS-000109
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000770 |
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Number | Title |
---|---|
IA-2 (5) |
Group Authentication |