Check: RHEL-08-010550
RHEL 8 STIG:
RHEL-08-010550
(in versions v2 r1 through v1 r14)
Title
RHEL 8 must not permit direct logons to the root account using remote access via SSH. (Cat II impact)
Discussion
Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging on directly as root. In addition, logging on with a user-specific account provides individual accountability of actions performed on the system.
Check Content
Verify remote access using SSH prevents users from logging on directly as "root". Check that SSH prevents users from logging on directly as "root" with the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*permitrootlogin' PermitRootLogin no If the "PermitRootLogin" keyword is set to "yes", is missing, or is commented out, this is a finding. If conflicting results are returned, this is a finding.
Fix Text
Configure RHEL 8 to stop users from logging on remotely as the "root" user via SSH. Edit the appropriate "/etc/ssh/sshd_config" file to uncomment or add the line for the "PermitRootLogin" keyword and set its value to "no": PermitRootLogin no The SSH daemon must be restarted for the changes to take effect. To restart the SSH daemon, run the following command: $ sudo systemctl restart sshd.service
Additional Identifiers
Rule ID: SV-230296r1017107_rule
Vulnerability ID: V-230296
Group Title: SRG-OS-000109-GPOS-00056
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000770 |
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
CCI-004045 |
Require users to be individually authenticated before granting access to the shared accounts or resources. |
Controls
Number | Title |
---|---|
IA-2(5) |
Group Authentication |