An error occurred:

Check: RHEL-06-000028

Red Hat Enterprise Linux 6 STIG: RHEL-06-000028 (in versions v2 r2 through v1 r14)

Title

The system must prevent the root account from logging in from serial consoles. (Cat III impact)

Discussion

Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the systems using the root account.

Check Content

To check for serial port entries which permit root login, run the following command: # grep '^ttyS[0-9]' /etc/securetty If any output is returned, then root login over serial ports is permitted. If root login over serial ports is permitted, this is a finding.

Fix Text

To restrict root logins on serial ports, ensure lines of this form do not appear in "/etc/securetty": ttyS0 ttyS1 Note: Serial port entries are not limited to those listed above. Any lines starting with "ttyS" followed by numerals should be removed

Additional Identifiers

Rule ID: SV-217866r603264_rule

Vulnerability ID: V-217866

Group Title: SRG-OS-000109

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000770

The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-2 (5)

Group Authentication